Certificate Error Help: CN doesn't match URL, but it does?

Let me start by saying this is a work problem so I can’t provide any specific details, but I’m utterly stumped and I’m hoping someone has seen this before.

We have a dev/demo lab with its own AD and certificate authority. We have issued a cert to a web server, but in Chrome/Edge we get NET::ERR_CERT_COMMON_NAME_INVALID. When I inspect the cert it shows as completely valid and the CN completely matches the URL of the browser. I’m baffled here, not sure what to even look at next. Any suggestions welcome.

Did you enter a Subject Alternative Name in the CSR? I’ve seen a few systems require that or it’s “Invalid”

We did not specify a Sub Alt Name. I’ll put that on the list to try on Monday.

Yeah, I always include a SAN when making my own certs to avoid just this type of problem.

My friend figured it out. Apparently Chrome ignores the CN field since version 58 and only uses the SAN field. :facepalm:

To all who guessed “do you have a SAN?”, pat yourself on the back as that was indeed the issue. Getting Windows to create a CSR with a SAN that my CA would accept was another matter, but I eventually figured it out. All is happy now.
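
The check described in this thread, as an added example that is not from any poster and is not the method the original poster used: it builds two throwaway self-signed certificates with OpenSSL, one with only a CN and one with a SAN, and tests the hostname against the SAN dNSName entries alone. The hostname `web01.lab.example`, the file names and the helper function names are all constructed for the demo.

```shell
# Added example: hostnames and file names below are constructed for the demo.
WORK=$(mktemp -d)
HOST=web01.lab.example

# make_cert OUT.pem CN [SAN]: self-signed test cert; SAN is added only if given.
make_cert() {
    cfg="$WORK/req.cnf"
    {
        printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=ext\n'
        printf '[dn]\nCN=%s\n[ext]\nbasicConstraints=CA:FALSE\n' "$2"
        if [ -n "${3:-}" ]; then printf 'subjectAltName=%s\n' "$3"; fi
    } > "$cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$WORK/key.pem" -out "$1" 2>/dev/null
}

# Print the cert's SAN dNSName entries, lower-cased, one per line.
san_dns_names() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'X509v3 Subject Alternative Name' \
        | tail -n +2 | tr ',' '\n' \
        | sed -n 's/^ *DNS://p' | tr 'A-Z' 'a-z'
}

# san_matches HOST CERT: succeed only if HOST matches a SAN dNSName.
# The subject CN is never consulted, mirroring the behaviour in the thread.
san_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    san_dns_names "$2" | (
        while IFS= read -r name; do
            case "$name" in
                "$host") exit 0 ;;
                # Wildcard covers exactly one left-most label.
                '*.'*) [ "${name#\*.}" = "${host#*.}" ] && exit 0 ;;
            esac
        done
        exit 1
    )
}

make_cert "$WORK/cn_only.pem"  "$HOST"
make_cert "$WORK/with_san.pem" "$HOST" "DNS:$HOST,DNS:*.lab.example"
for c in cn_only with_san; do
    if san_matches "$HOST" "$WORK/$c.pem"; then echo "$c: SAN matches $HOST"
    else echo "$c: CN is $HOST but no SAN matches"; fi
done
```

Pointing `san_dns_names` at the PEM file of an issued certificate shows what the CA actually put in the SAN, which is worth checking because a CA can issue a certificate without the SAN that was requested.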