UMP certificate error on chrome

Document ID : KB000077021
Last Modified Date : 10/04/2018
Show Technical Document Details
Issue:
  • After following the instructions to enable https on the UMP all works as expected when opening the UMP in IE but the site still generates a certificate error when opened in chrome.
  • The CA (certificate authority) root certificate has been added to the "trusted root certificate store"
Cause:
Since chrome build 58, chrome has increased the security requirements for https see here
Resolution:
Add the Subject alternative name (SAN) to the keytool commands to generate the key pair and certificate request.

Key Pair
 
<UMP or UIM server_installation>/jre/<jre_version>/bin/keytool -genkeypair -alias wasp -keyalg RSA -keysize 2048 -keystore wasp.keystore  -validity <days_cert_is_valid> -ext SAN=dns:<FQDN>
Certificate request
<UMP or UIM server_installation>/jre/<jre_version>/bin/keytool -certreq -alias wasp -validity 365 -keystore wasp.keystore -ext SAN=dns:<FQDN> -file wasp.csr