Browser reports Messaging Gateway certificate as invalid

book

Article ID: 169948

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Some browsers (e.g. Chrome, Firefox) might report Symantec Messaging Gateway (SMG) certificate as invalid. This is due to recent changes that depreciate the use of the Common Name field in SSL certificate.

NET::ERR_CERT_COMMON_NAME_INVALID

Resolution

Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates.


The below workarounds exist:


1. CSR or self-signed certificate with SubjectAltName info can be generated outside of SMG GUI, i.e on a different machine. There are many different options to achieve this. One example of such procedure is described in KB:

How to create a Subject Alternative Name certificate for Symantec Messaging Gateway​
http://www.symantec.com/docs/TECH226877


2. Until Chrome version 65, it should be possible to set EnableCommonNameFallbackForLocalAnchors policy. For step-by-step please see the below KB article:

NET::ERR_CERT_COMMON_NAME_INVALID when using HTTPS inspection
http://www.symantec.com/docs/TECH240507