Problem Note 69315: Google Chrome version 58 and later issues "Invalid Common Name of Certificates NET::ERR_CERT_COMMON_NAME_INVALID" when accessing SAS® web applications
When you try to access SAS web applications in Google Chrome, you might encounter the following warning:
Invalid Common Name of Certificates NET::ERR_CERT_COMMON_NAME_INVALID
This warning occurs due to the changes in the browser settings for Chrome version 58 and later. In version 58, Google changed its security policies to not allow any certificates that have missing Subject Alternative Names. For more information, see Issue 308330.
Workarounds
There are several workarounds:
- Regenerate the certificates to include a Subject Alternative Name.
- Temporarily allow Chrome to ignore the warnings and proceed.
- (This workaround is valid only for Chrome versions 58 - 65.) Set the EnableCommonNameFallbackForLocalAnchors policy. This policy allows Chrome to use the commonName of a certificate to match a hostname if the certificate is missing a subjectAlternativeName extension.
Operating System and Release Information
| SAS System | SAS Web Application Server | Microsoft® Windows® for x64 | 9.4 | | 9.4 TS1M0 | |
| 64-bit Enabled AIX | 9.4 | | 9.4 TS1M0 | |
| 64-bit Enabled Solaris | 9.4 | | 9.4 TS1M0 | |
| HP-UX IPF | 9.4 | | 9.4 TS1M0 | |
| Linux for x64 | 9.4 | | 9.4 TS1M0 | |
| Solaris for x64 | 9.4 | | 9.4 TS1M0 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
This warning is due to the changes in the browser settings for Chrome, which include security policies that do not allow any certificates that have missing Subject Alternative Names.
| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2022-06-21 13:45:48 |
| Date Created: | 2022-06-20 13:07:49 |
