Default Advanced Threat Protection certificate is not trusted in Google Chrome 58 or later.

book

Article ID: 165157

calendar_today

Updated On:

Products

Advanced Threat Protection Platform Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

After upgrading Google Chrome to version 58, the default certificate for Advanced Threat Protection (ATP), ProxySG is listed as not secure even after the certificate is installed in the Trusted Root Certificate Authorities Store.  

Two errors are listed:

The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.

There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
 

Cause

Chrome 58 has removed the ability to fallback to Common Name matching on certificates.  In order for a certificate to be trusted in Chrome 58 or later, the certificate must include a Subject Alternative Name (SAN).  

Resolution

To work around the issue with the default certificate, you can re-enable Common Name fallback using the steps outlined in the following document:  

https://www.chromium.org/administrators/policy-list-3#EnableCommonNameFallbackForLocalAnchors

Also Refer to below link for RegEdit

https://www.techrepublic.com/article/how-to-resolve-ssl-certificate-warnings-produced-by-the-latest-chrome-update/