On 14 August 2017 21:03:34 BST, Christopher Schultz <ch...@christopherschultz.net> wrote: >Mark, > >On 8/8/17 9:03 AM, Mark Thomas wrote: >> On 08/08/17 13:59, George Stanchev wrote: >> >> <snip/> >> >>> Is it possible the recent changes [1] has affected it? Chrome no >longer looks in CN, which is ignored but rather expects SAN to be >filled up. Perhaps Tomcat's test certs lack SAN? >>> >>> [1] https://www.thesslstore.com/blog/security-changes-in-chrome-58/ >> >> That did affect the server cert and we fixed that a little while ago. >I >> don't believe it applies to user certs. The new user cert doesn't >have a >> SAN and it is now working correctly in Chrome. > >Is "now" working, or is "not" working in Chrome?
Now working. I.e. the user certificate does not need a SAN to work correctly. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
