Some browsers do not trust signed certificates generated by Messaging Gateway

book

Article ID: 170403

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Some more recent versions of the Firefox and Chrome web browsers do not trust signed TLS certificates whose signing request was generated using the Messaging Gateway certificate configuration page. The signed certificate is considered insecure and invalid even though it has a valid certificate authority signature.

Cause

Certificate signing requests (CSR) generated by some versions of Messaging Gateway do not contain the subjectAlternativeName attribute which can be interpreted by more recent we browsers as less secure.

Environment

Messaging Gateway

Resolution

This has been resolved with the SMG 10.6.4 release. The subjectAlternativeName extended attribute will now be set for new CSRs. This will not, however, correct the web browser behavior with respect to existing signed certificates.

Google Chrome can be configured to use the certificate Subject Common Name (CN) when the Subject Alternative Name (SAN) is missing from the certificate. Please see TECH240507 for details.