Yesterday, I had a working development site suddenly start throwing SSL errors:
The error message was:
This server could not prove that it is [Server Name] its security certificate is from [missing_subjectAltName]
Huh? What broke this?
Well, it turns out that Chrome had updated to Chrome 58, which removed support for the “Common Name” field. Instead, we’re supposed to use the “Subject Alternative Name” (SAN) field. That’s unfortunate; the IIS ‘Create Certificate Request‘ option we’d used resulted in a certificate with no Subject Alternative Name field. That could be a result of how it was handled – I didn’t create the certificate – but it looks like Windows MakeCert doesn’t handle Subject Alternative Names, so I wouldn’t be surprised if this is a general Windows issue.
The SSL cert continued to work without a SAN just fine in IE, but Firefox and Chrome now demand it, and so were throwing SSL errors.
Now, it seems that the Subject Alternative Name is what we’re actually supposed to use, and that publicly trusted certs have used both fields for years – but in our development server, using our own CA, that wasn’t the case.
See How to Request a Certificate With a Custom Subject Alternative Name.
Or Create a self-signed certificate for development.
A quick note to myself – in Chrome you can check your HSTS headers for a site using:
This was a problem for me yesterday, and the UAT system I was configuring wasn’t visible to sites like https://securityheaders.io/ that I’d normally use.
Well, Google has launched the next broadside in the battle between Redmond and the Googleplex – their own ‘Chrome‘ Browser. Creating a browser makes a lot of sense for Google, really – IE7 had ‘Windows Live’ as the default search provider for the Search box, so Microsoft were clearly starting to try and leverage their ownership of the desktop, and the browser on it (which, of course, is leveraging their ownership of the operating system – though having a web browser integral to the OS seems bloody stupid to me!) And yes, you can add Google as a provider, and set it as the default (I always do) – but it’s effort, and a bit scary for my granny, you know?
Anyway, I found myself wondering – how does SharePoint work with Chrome? We know Chrome is based on Firefox and Safari and other bits – but how well would it perform. The short answer – not bad…
Continue reading “How well does SharePoint work with Chrome?”