Watchguard Video

KB-01735-V6D2 - Google Chrome Updated to Version 58 and EL Web does not display properly.

Google Chrome Version 58 - Your connection is not private. Security Certificate. Unable to view EL Web after login using Chrome version 58. 

"The server could not prove that it is <insert server name here>; its security certificate is from [missing_subjectAltName]."
Method 1

A registry key must be added to allow the updated Google Chrome (Version 58.0.3029.81) to use the commonName of the server certificate. This will allow Chrome to match a hostname if the certificate is missing a 'subjectAlternativeName' extension, as long as it successfully validates and chains to a locally-installed CA certificates. 


Before performing the following steps, be sure to contact your local administrator.

1. Create a backup of your registry: 

  1. Click Start, type regedit.exe in the search box, and then press Enter. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  2. In Registry Editor (with Computer highlighted), Click File > Export.
  3. In the Export Registry File dialog box, select the location where you want to save the backup copy to, and then type a name for the backup file in the File name field.
  4. Click Save.

2. Run the following command form an elevated command prompt (Command Prompt - right click - Run as administrator).

*HKCU must added for each user using the PC.

     reg add HKLM\Software\Policies\Google\Chrome /v EnableCommonNameFallbackForLocalAnchors /t REG_DWORD /d 1

reg add HKCU\Software\Policies\Google\Chrome /v EnableCommonNameFallbackForLocalAnchors /t REG_DWORD /d 1

     Successful result will indicate: "The operation completed successfully." 


3. Close all open Google Chrome browsers and relaunch Google Chrome. (There will still be a prompt, "Your connection is not private.")

4. Click on Advanced and select Proceed to 'Server Name' (unsafe). 

5. Enter login credentials and click on Sign In


You should now be able to fully access Evidence Library Web. 

Method 2

1. Close all open Google Chrome browsers

2. Open the Windows System Tray in the lower right corner of the screen by clicking the up arrow and Close any Google Applications that are running

3. Open the Windows Task manager (Teamviewer bar - Ctrl - Alt - Delete button) and click the Services Tab and close any remaining Google services that are running

4. Copy to the customer computer which cannot connect and Extract and Run the script titled EnableCommonNameFallbackforLocalAnchors.zip in the notes section below. To run the script, double click and you will get a popup confirming the registry values were applied.

Method 3

If Methods 1 and 2 above do not resolve the issue, try this method to resolve the issue.

1) Copy the scripts in the notes titled restoreCertificate.ps1 and backupCertficiate.ps1 to the customer server 

2) Open Powershell as an Administrator (right click on Powershell - Run as administrator option)

3) Navigate in powershell to the directory you placed the script on the customer computer (use the cd.. and cd <directory name> commands to navigate)

4) Execute the Backup script on the server using the "./" (Ex: ./backupCertficate.ps1)

5) Execute the Restore script on the server using the "./" (Ex: ./restoreCertificate.ps1)

6) Download and Install the Transfer Agent on the DESKTOP computer, not the Server from Evidence Library

7) Restart the DESKTOP computer, NOT the Server

Method 4 - Do NOT use anymore

Please do not create a new certificate to fix the Chrome 58 issue. This method is no longer used.