Chrome Shows SSL Warning for Non-FQDNs

October 17, 2013 by Bruce Morton

Entrust completed an internal test recently and was surprised by a warning from Google Chrome version 30. The test case has a Web server with a non-fully qualified domain name (non-FQDN) and an SSL certificate from a publicly trusted certification authority (CA).

The Chrome browser put an ‘X’ through the lock icon and a cross through ‘https.’ The warning states “Identity not verified” and explains, “You are connected to a server using a name only valid within your network, which an external authority has no way to validate ownership of.”

This would look pretty severe to a typical user.

You may already know about the issue of SSL certificates with non-FQDNs. The public trust CAs will stop issuing these certificates by November 1, 2015. If you are using one of these certificates, Chrome is incenting you to solve your problem earlier by providing a warning to your users.

To solve the problem, you should consider:

  • Converting your domain names to FQDNs
  • Removing the non-FQDNs, as these names may just be shortcuts that you don’t need
  • Getting your certificate from your own enterprise CA or a CA with private trust
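
Before choosing among these options, it helps to know which names on each certificate are affected. The following added example (not Entrust's or Chrome's code) classifies the names taken from a certificate's subject and SAN list. It goes beyond single-label names to also flag reserved TLDs and reserved IP addresses; the function names and the `RESERVED_TLDS` list are assumptions made for illustration.

```python
import ipaddress

# Assumption: special-use TLDs that never resolve in public DNS
# (RFC 2606, RFC 6761, RFC 6762). Extend with your own internal suffixes.
RESERVED_TLDS = {"local", "localhost", "test", "example", "invalid"}


def classify_name(name):
    """Return (verdict, reason) for one certificate name (CN or SAN entry)."""
    candidate = name.strip().rstrip(".").lower()
    if candidate.startswith("*."):
        candidate = candidate[2:]  # judge a wildcard by its base domain
    if not candidate:
        return ("internal", "empty name")
    try:
        ip = ipaddress.ip_address(candidate)
    except ValueError:
        ip = None  # not an IP literal, treat it as a DNS name
    if ip is not None:
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return ("internal", "reserved IP address")
        return ("public", "public IP address")
    labels = candidate.split(".")
    if len(labels) == 1:
        return ("internal", "single-label name, not an FQDN")
    if labels[-1] in RESERVED_TLDS:
        return ("internal", "reserved TLD ." + labels[-1])
    return ("public", "FQDN under a public-style TLD")


def audit_certificate_names(names):
    """Map each name to its verdict and list the ones needing remediation."""
    report = {n: classify_name(n) for n in names}
    to_fix = [n for n, (verdict, _) in report.items() if verdict == "internal"]
    return report, to_fix


if __name__ == "__main__":
    # Constructed sample: names as they might appear in one certificate's SAN list.
    sample = ["mail", "intranet.corp.local", "10.1.2.3",
              "www.example.com", "*.example.org"]
    report, to_fix = audit_certificate_names(sample)
    for name, (verdict, reason) in report.items():
        print(f"{name:22} {verdict:8} {reason}")
    print("Remediate:", to_fix)
```

Names reported as internal are the ones to convert to FQDNs, drop from the certificate, or move to a certificate from a private CA.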

About

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.
