SSL – ERR_CERT_COMMON_NAME_INVALID with internal AD CA wildcard


I have created an internal ADCS CA using this guide, and then submitted a certificate request to create a wildcard certificate for my domain. The intention behind this is to apply it to some of my internally accessible test servers for access from domain-joined machines, suppressing cert errors.

All seems to be well, and the certificate chain seems to be trusted for an internal domain-joined machine; however, when I browse to a site using, Chrome gives me a COMMON_NAME_INVALID error.

If I look at the certificate details, I can see that it is issued to * so I am confused as to why it thinks it is invalid?
Here is the cert subject:

CN = *
OU = Home
O = Eds
L = Ipswich
S = Suffolk
C = GB

For reference, here is the guide I followed to create the cert.

Can anyone advise if I need to redo the request with different settings to account for any changes to the way Chrome handles certs or if I am just completely off the mark?

Best Answer


I needed to also populate a SAN with a wildcard entry, and also move from SHA1 to SHA256.
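
The two fixes named in the answer, shown as a check (an added example, not part of the original post or of any tool it mentions): the hostname is matched only against SAN dNSName entries, the subject CN is not consulted, and the signature hash is flagged if weak. The certificate fields and the `example.test` names are constructed placeholders.

```python
# Added example: explains why a wildcard in the CN alone fails name validation.
# Certificate fields below are constructed; example.test is a placeholder domain.
WEAK_HASHES = {"md5", "sha1"}

def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a hostname.
    A '*' is honoured only as the entire leftmost label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # '*' never spans several labels or zero labels
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def diagnose(cert: dict, host: str) -> list:
    """Return the reasons a client that ignores the CN would reject this cert."""
    findings = []
    sans = cert.get("san_dns", [])
    if not sans:
        # subject_cn is deliberately never read: there is no CN fallback
        findings.append("no SAN dNSName entries; subject CN is not used for matching")
    elif not any(san_matches(s, host) for s in sans):
        findings.append("no SAN entry matches the requested host")
    if cert.get("sig_hash", "").lower() in WEAK_HASHES:
        findings.append("signature uses a weak hash")
    return findings

# Constructed "before": wildcard only in the CN, SHA1 signature (as in the question)
BEFORE = {"subject_cn": "*.example.test", "san_dns": [], "sig_hash": "sha1"}
# Constructed "after": wildcard SAN plus the bare domain, SHA256 signature
AFTER = {"subject_cn": "*.example.test",
         "san_dns": ["*.example.test", "example.test"], "sig_hash": "sha256"}

if __name__ == "__main__":
    for name, cert in (("before", BEFORE), ("after", AFTER)):
        for host in ("web01.example.test", "example.test", "a.b.example.test"):
            print(name, host, diagnose(cert, host) or "OK")
```

A wildcard SAN covers exactly one label, so the bare domain needs its own SAN entry and deeper names such as `a.b.example.test` still fail.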