The Setup
In order to protect the very small intranet of the ACME company, which contains two private servers, foo-server and bar-server, I've created with OpenSSL:
- The Root CA Certificate
- The Intermediate CA Certificate
- The ca-chain file, containing the Intermediate CA but not the Root CA
- The foo-server certificate
- The bar-server certificate
I've bundled the chain and the certificates and configured one NGINX on foo-server and one APACHE on bar-server.
I've then installed the Root CA on my local Firefox and on my local Chrome.
Note that I've not used any SAN: for now, the certificates are issued for server names only (e.g. foo-server), NOT for their full names (e.g. foo-server.ACME.local).
The Result
When I open https://foo-server/ and https://bar-server/,
On FIREFOX
Everything is OK. I see both of them secured (as it should be) because the server sends the chain properly, and I have the CA Root Certificate installed.
On CHROME
I get the following error on both of them, but the Common Names are perfectly fine:
NET::ERR_CERT_COMMON_NAME_INVALID
The Question
Since I'm really noob at this (I'm a Developer playing with SysAdmin toys), I would not be surprised to discover that the problem is something naive for you, but unknown to me.
What could be the culprit? What could I check? Maybe Chrome doesn't recognize a server name with no domain?
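
Added example, not part of the original post: Chrome matches the hostname against the certificate's subjectAltName extension only and does not fall back to the Common Name, so a certificate issued without a SAN produces this error even when the CN is correct. The script below reproduces that check on two constructed throwaway certificates; the function names are hypothetical, `-addext` assumes OpenSSL 1.1.1 or later, and only exact names are compared (no wildcard handling).

```shell
#!/bin/sh
# Added example. Certificates here are throwaway self-signed ones (constructed),
# and every function name is hypothetical.

# make_demo_cert OUT CN [SAN]: self-signed test cert, optionally with a SAN.
make_demo_cert() {
    out=$1; cn=$2; san=${3:-}
    set -- req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$out.key" -out "$out" -subj "/CN=$cn"
    if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName=$san"; fi
    openssl "$@" 2>/dev/null
}

# cert_cn CERT: print the subject Common Name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# san_matches CERT HOST: succeed only if HOST is an exact dNSName entry in the SAN.
san_matches() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -qixF "DNS:$2"
}

# diagnose CERT HOST: san-match (accepted by SAN-only clients),
# cn-only (the situation described in the post), or mismatch.
diagnose() {
    if san_matches "$1" "$2"; then echo san-match
    elif [ "$(cert_cn "$1")" = "$2" ]; then echo cn-only
    else echo mismatch; fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_demo_cert "$tmp/cn-only.pem" foo-server
make_demo_cert "$tmp/with-san.pem" foo-server \
    "DNS:foo-server,DNS:foo-server.ACME.local"
echo "cn-only.pem  -> $(diagnose "$tmp/cn-only.pem" foo-server)"
echo "with-san.pem -> $(diagnose "$tmp/with-san.pem" foo-server)"
```

Running `diagnose` against the real server certificate file with the name typed into the address bar shows which of the three cases applies.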