Fix Chrome "missing_subjectAltName" error with SAP...
Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Since version 58, Google Chrome requires SSL certificates to use SAN (Subject Alternative Name) instead of the popular Common Name (CN). By default an SAP NetWeaver Application Server does not generate certificates with SAN attribute. Users therefore receive an error message, like this one:
SAP Note 2209439 briefly describes the generation of a certificate with SAN attribute. I would like to describe the procedure somewhat more precisely with this blog article.
First you have to check the Installed SAPCryptoLib version. This is done with the ABAP report SSF02 (transaction SA38). You must have a version greater than 8.4.42.
Next, create a new certificate.This can be done with transaction STRUST.
To get a certificate with Subject Alternative Name (SAN), you must now enter DNS=<FQDN> at the beginning of the DN field:
You can specify multiple server names separated by colon ":".
Then you should have a certificate with DNS tag:
To sign the new certificate, create a CSR in the usual way.