The latest versions of Google’s Chrome browser introduces a much stricter interpretation and implementation of paragraph 3.1 of RFC2818, dealing with Server Identity in the context of HTTP over TLS. This may cause Chrome to present users with a connection-security warning page in a number of situations as noted above.
Although the RFC document doesn’t formally prohibit the use of Common Names in the Subject field of certificates for the purposes of a server’s identification, use of the Subject Alternative Name (subjectAltName or SAN) extension for this purpose is cited as being preferred.
When accessing a site noted in the situation above, a user will see an error/warning page such as the one below with error:
Chrome browser version 58 and later, and:
Generate a new certificate that includes the subjectAltName and use it in place of the old certificate.
The management console or CLI currently does not provide an option to generate a Certificate Signing Request (CSR) that includes the subjectAltName extension.