HTTPS scanning Web Protection SSL error ERR_CERT_COMMON_NAME_INVALID

HI KarstenStolten, 

The new version of Chrome V58 will no longer accept certificates that do not have a subject alternate name.  Chrome is following RFC 2818 for this change.  Chrome V58 has now gone GA .

This could affect the Sophos Web appliance and Sophos UTM, which both use https scanning. The site generated certificate that we give back in these cases does not have a subject alternate name, meaning Chrome will reject the certificate and block the site

There are 3 options you may opt for. 

Option 1: Disable HTTPS scanning untill the issue is fixed. 

Option 2: Use another Web Browser . 

Option 3 *preferred: setting this GPO to ENABLED https://www.chromium.org/administrators/policy-list-3#EnableCommonNameFallbackForLocalAnchors 

Our Dev team are working on this issue should be resolved soon . 

Do you have any experience applying that GPO? I must be missing something. I have the policies in GP Management Editor, but I cannot find the policy in question anywhere. 

I had the same issue. Took me a while to realise that I had to update the ASMX files with the new version (the files in the link were updated for the v58 release on 18th April). Update these and the entry is under User Admin Templates > Google > Chrome as 'Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension'.

Thanks, I spent a good 10 minutes looking for that and had just given up!

Thanks, I spent a good 10 minutes looking for that and had just given up!