Mark, On 8/8/17 9:03 AM, Mark Thomas wrote: > On 08/08/17 13:59, George Stanchev wrote: > > <snip/> > >> Is it possible the recent changes [1] has affected it? Chrome no longer >> looks in CN, which is ignored but rather expects SAN to be filled up. >> Perhaps Tomcat's test certs lack SAN? >> >> [1] https://www.thesslstore.com/blog/security-changes-in-chrome-58/ > > That did affect the server cert and we fixed that a little while ago. I > don't believe it applies to user certs. The new user cert doesn't have a > SAN and it is now working correctly in Chrome.
Is "now" working, or is "not" working in Chrome? -chris
signature.asc
Description: OpenPGP digital signature
