Chrome Subject Alternate Name missing workaround
I've got a load of SSL certificates for my domain that are signed by Domain Controller. A few weeks ago this "bug" appeared, requiring all certifcates to have a SAN.
The workaround for this, while I figure out how to generate how to generate certificates for my Linux boxes "properly", is to set a registry value in a GPO.
Steps for workaround:
- Create/edit a new GPO
- Go to "computer configuration" -> "preferences" -> "windows settings" -> "registry" and add a new registry entry (screenshots below)
- Set the following options:
- Action: create
- Hive to "HKEY_LOCAL_MACHINE"
- Key path to "Software\Policies\Google\Chrome"
- Value name to "EnableCommonNameFallbackForLocalAnchors"
- Value type to "REG_DWORD"
- Value data: "00000001"
- Open a command prompt as an admin, do a group policy update "gpupdate /force"
- Verify that the key has been set in same command prompt "REG QUERY HKLM\SOFTWARE\Policies\Google\Chrome /v EnableCommonNameFallbackForLocalAnchors"
How long this workaround will work for is anyones guess, but it'll help solve a problem for the short term.