Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension

When this setting is enabled, Google Chrome will use the commonName of a server certificate to match a hostname if the certificate is missing a subjectAlternativeName extension, as long as it successfully validates and chains to a locally-installed CA certificates.

Note that this is not recommended, as this may allow bypassing the nameConstraints extension that restricts the hostnames that a given certificate can be authorized for.

If this policy is not set, or is set to false, server certificates that lack a subjectAlternativeName extension containing either a DNS name or IP address will not be trusted.


Supported on: Microsoft Windows XP SP2 or later
Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\Chrome
Value NameEnableCommonNameFallbackForLocalAnchors
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

chrome.admx

Administrative Templates (Computers)

Administrative Templates (Users)