Hi
After Google has updated Chrome, we now have problems accessing websites with SSL.
HTTPS Scanning is enabled on the Sophos UTM and the problem seems to be that Chrome no longer accepts an empty DNS name in the SSL certificate presented in the browser.
Does anyone have a solution to this?
I guess that the best solution would be for Sophos to change the way they generate the "Man in the middle" certificate so that the website URL is listed in the DNS (or SAN) in the certificate.
Anyone?
Kind regards
Karsten Stolten
Same here. Issue occurs after Chrome 58 is installed.
Here are the details of the Chrome changes (which apparently are identical to changes in Firefox 48): https://bugs.chromium.org/p/chromium/issues/detail?id=700595&desc=2
Sophos need to fix this.
(It's possible to set the 'Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension' policy using the ADM/ADMX templates from https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip which will set EnableCommonNameFallbackForLocalAnchors in the registry to work around this for now - however be aware this may stop working in Google Chrome 65 - again, Sophos need to fix)
https://textslashplain.com/2017/03/10/chrome-deprecates-subject-cn-matching/