Entrust recently completed an internal test and was surprised by a warning from Google Chrome version 30. The test case used a web server with a non-fully qualified domain name (non-FQDN) and an SSL certificate from a publicly trusted certification authority (CA).

The Chrome browser put an ‘X’ through the lock icon and a cross through ‘https.’ The warning states “Identity not verified” and explains, “You are connected to a server using a name only valid within your network, which an external authority has no way to validate ownership of.”

This would look pretty severe to a typical user.

You may already know about the issue of SSL certificates with non-FQDNs. Publicly trusted CAs will stop issuing these certificates by November 1, 2015. If you are using one of these certificates, Chrome is giving you an incentive to solve the problem earlier by showing a warning to your users.
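One way to find out whether a certificate you use is affected (an added example, not Entrust's code): the code below takes the subjectAltName line as printed by `openssl x509 -text` and flags entries that a public CA cannot validate. It goes slightly beyond the non-FQDN case in the text by also flagging reserved suffixes and non-public IP addresses; the suffix list and the sample SAN line are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: suffixes treated as internal-only. ".local" is reserved by
# RFC 6762, the others by RFC 6761. Extend this list for your own network.
RESERVED_SUFFIXES = ("local", "localhost", "test", "example", "invalid")

# Constructed sample, in the layout openssl prints for subjectAltName.
SAMPLE_SAN = ("DNS:mail, DNS:mail.example.com, DNS:intranet.corp.local, "
              "DNS:*.example.org, IP Address:10.0.0.5, IP Address:8.8.8.8")

def parse_san(san_line):
    """Split an openssl-style SAN line into (kind, value) pairs."""
    entries = []
    for item in san_line.split(","):
        # Partition on the first colon only, so IPv6 values stay intact.
        kind, _, value = item.strip().partition(":")
        if value:
            entries.append((kind.strip(), value.strip()))
    return entries

def classify(kind, value):
    """Return a reason if a public CA cannot validate the entry, else None."""
    if kind == "IP Address":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return "unparseable IP address"
        return None if ip.is_global else "reserved/private IP address"
    if kind != "DNS":
        return None
    labels = value.rstrip(".").lower().split(".")
    if labels and labels[0] == "*":  # ignore a leading wildcard label
        labels = labels[1:]
    if len(labels) < 2:
        return "non-FQDN (single label)"
    if labels[-1] in RESERVED_SUFFIXES:
        return "reserved suffix ." + labels[-1]
    return None

def audit(san_line):
    """List (name, reason) for every SAN entry that would trigger the issue."""
    findings = []
    for kind, value in parse_san(san_line):
        reason = classify(kind, value)
        if reason:
            findings.append((value, reason))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_SAN):
        print(f"{name}: {reason}")
```
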

To solve the problem, you should consider:

  • Converting your domain names to FQDNs
  • Removing the non-FQDNs, as these names may just be shortcuts that you don’t need
  • Getting your certificate from your own enterprise CA or a CA with private trust

Bruce Morton

Bruce Morton is a pioneering figure in the PKI and digital certificate industry. He currently serves as Director for Certificate Services at Entrust Datacard, where he has been employed since 1999. His day-to-day responsibilities include managing standards implementations, overseeing Entrust Datacard’s policy authority, and monitoring Entrust Certificate Service for industry compliance.