Skip to main content

Chrome Shows SSL Warning for Non-FQDNs

Oct

17

2013

Time to read

Read so far

Written by: 

Bruce Morton

Time to read

Written by: 

Entrust completed an internal test recently and was surprised by a warning from Google Chrome version 30. The test case has a Web server with a non-fully registered domain name (non-FQDN) and an SSL certificate from a publicly trusted certification authority (CA).

testcertificates.local

The Chrome browser put an ‘X’ through the lock icon and a cross through ‘https.’ The warning states “Identity not verified” and explains, “You are connected to a server using a name only valid within your network, which an external authority has no way to validate ownership of.”

This would be pretty severe to typical user.

You may already know about the issue of SSL certificates with non-FQDNs. The public trust CAs will stop issuing these certificates by November 1, 2015. If you are using one of these certificates, Chrome is incenting you to solve your problem earlier by providing a warning to your users.

To solve the problem, you should consider:

 

  • Converting your domain names to FQDNs
  • Remove the non-FQDNs as these names may just be short cuts that you don’t need
  • Get your certificate from your own enterprise CA or a CA with private trust

 

 

 

photo-bruce-morton
Bruce Morton
Director for Certificate Services
Bruce Morton is a pioneering figure in the PKI and digital certificate industry. He currently serves as Director for Certificate Services at Entrust, where he has been employed since 1997. His day-to-day responsibilities include managing standards implementations, overseeing Entrust’s policy authority, and monitoring Entrust Certificate Services for industry compliance.
View all of Bruce's Posts
Facebook