A friend of mine (not technical person) moved an API of a web application from azure to liquidweb. Users with FireFox and Edge are able to see the website just fine. But users with Chrome get SSL issues . When I use Chrome to visit the api url https://api.example.com
, I noticed that the address bar gave an exclamation mark instead of the usual lock icon. Clicking on the exclamation mark gave the typical Your site connection is not secure message
. Again, this is not a problem in FireFox or Edge.
I looked at my friend's IIS settings which are shown here:
And the details of the certificate are all "green icon" except for key usage
and basic constraints
as shown here
I personally have other websites hosted on the bluehost.com shared hosting which uses linux, nginx, and let's encrypt ssl that show the same settings for key usage
and basic constraints
that don't have the same problem.
What might be wrong with my friend's SSL set up that could be causing issues for Chrome?
ADDITIONAL
Here's what I see in Chrome:
Also, my friend's server uses Windows Server 2016 on build 1607 with IIS version 10.
ADDITIONAL 2
FireFox shows that the Subject Alt Name is the same as the Common name. Screenshot here:
ADDITIONAL 3
Also, here's a verification check from https://sslshopper.com/ssl-checker.html
Best Answer
This is probably because the domain name is not listed in the "Subject Alternative Name" (SAN) field of the certificate, and it's mandatory since Chrome 58 : https://support.google.com/chrome/a/answer/7391219?hl=en
Ensure that the domain name is listed in the Subject Alternative Name, even if the Subject Name is correct.
Or you are using a revoked Let's Encrypt certificate, check here: https://checkhost.unboundtest.com/