Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension

When this setting is enabled, Google Chrome will use the commonName of a server certificate to match a hostname if the certificate is missing a subjectAlternativeName extension, as long as it successfully validates and chains to a locally-installed CA certificates.

Note that this is not recommended, as this may allow bypassing the nameConstraints extension that restricts the hostnames that a given certificate can be authorised for.

If this policy is not set, or is set to false, server certificates that lack a subjectAlternativeName extension containing either a DNS name or IP address will not be trusted.

Supported on: SUPPORTED_WIN7

Registry PathSoftware\Policies\Google\Chrome
Value NameEnableCommonNameFallbackForLocalAnchors
Enabled Value1
Disabled Value0


Administrative Templates (Computers)

Administrative Templates (Users)