It’s a bit too long for tweet, then short entry here instead 🙂
TLDR;
Chrome will now require ssl certificate to have Subject Alternative Name (SubjectAltName, SAN) othewrise it won’t be trusted. Which this SubjectAltName mostly missing in selfsigned certificates.
Issue:
Since Chome 58, There is a change that might impact to website with SSL. Subject Alternate Name is now a required field for Chrome to trust a certificate.
This cause all existing SSL certificates without those SubjectAltName won’t be trusted.
Actually this SubjectAltName was required for several years, but Chome has fallback code that if the value of SubjectAltName is missing, it will use the value from Common name instead.
In this Chrome 58, it remove the fallback code which make SubjectAltName is real required now. To enable it back see workaround below. This might impact to development site (ex. localhost) or intranet with selfsign ceritificates.
Workaround:
Enable the fallback functionality back from Registry key (for Windows),
see https://www.chromium.org/administrators/policy-list-3#EnableCommonNameFallbackForLocalAnchors
Permanent Solution:
Regenerate SSL certificate with SubjectAltName.
Reference:
https://www.chromestatus.com/features/4981025180483584
https://bugs.chromium.org/p/chromium/issues/detail?id=700595&desc=2
https://www.reddit.com/r/sysadmin/comments/677hep/chrome_58_not_supporting_self_signed_certificates
