Symantec Messaging Gateway Signing Request

May 02 2017, 10:48 PM

by stevenwells99

When a certiifcate request is generated by SMG, it doesn't allow for a FQDN in the Subject Alternative Name.

When a certificate is used by an internal CA it is not trusted by Chrome version 58 or higher.

The work around is to make Chrome ignore this security feature, meaning Chrome is less secure that it could be.

In Chrome 58 if you get the error NET::ERR_CERT_COMMON_NAME_INVALID you need to update and re-issue your certificates (eg. for the Symantec Messaging Gateway) using a resolveable Fully Qualified Domain Name (FDQN) in the certificate Subject Alternative Name (SAN).

Suggest SMG be updated to create certificate signing method correctly.

  • Products
  • Upgrade
  • Troubleshooting
  • Roadmap
  • DigiCert Code Signing
  • DigiCert Complete Website Security
  • Patch
  • DigiCert SSL TLS Certificates
  • 0

    Same error here... 

    It's there any info related to compatibility between smg and ie only ?