Today is the first workday after the Chinese lunar new year. One of the certificates for private use expired on the customer’s web server. Because the Chrome browser requires Subject Alternative Names, the certificate request file needs more attributes to add. If not, Chrome will pop up an insecure web site warning as follows:

This server could not prove that it is elux.crm.tw; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

Steps

1. Use the Certificate (for Computer) snap-in in Microsoft Management Console
2. Create custom requests (PKCS #10 Request file and Subject Alternative Names: DNS)
3. Request X.509 Certificate from Microsoft Certificate Services
4. Install the new certificate on the web server

PKCS #10

Subject Alternative Names

X.509 Certificate