The Google Chrome web browser reports the following error when accessing the Identity Router's Portal for single sign-on:
The screen will appear as shown below. The text that is blurred in the screenshot will be the domain name of the server you are accessing. This will either be your IDR's Portal page, or an intermediate server, such as an IWA server.
If you click the Advanced link on the page displayed by Chrome, additional information will be displayed, explaining that "[the server's] security certificate does not specify Subject Alternative Names."
RFC 2818 (HTTP Over TLS), section 3.1, states: "If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead."
Accordingly, Google Chrome version 58 and later issues a warning when only the certificate's Common Name field is available to validate server identity. Chrome now supports only a subjectAltName (Subject Alternative Name, or SAN) X.509 certificate extension of type dNSName for server identity.
Send a new certificate signing request to your CA. Discuss the request with your CA's administrator to make sure the signed certificate will include a subjectAltName extension of type dNSName.
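The following is an added example, not part of the original article or the product's own tooling: one way to build a certificate signing request that asks for dNSName entries, and to confirm that a CSR or the certificate returned by the CA actually carries them before it is installed. It assumes OpenSSL 1.1.1 or later (for `-addext`); the host names `portal.example.com` and `idr.example.com` and the function names are placeholders.

```shell
#!/usr/bin/env bash
# Added example. Host names below are placeholders, not values from the article.
set -eu

# make_csr KEY_OUT CSR_OUT HOST [HOST...]
# The first HOST becomes the Common Name; every HOST is requested as a
# subjectAltName entry of type dNSName.
make_csr() {
  key_out=$1; csr_out=$2; shift 2
  san=""
  for h in "$@"; do
    san="${san:+$san,}DNS:$h"
  done
  # Subshell with a tight umask so the new private key is not group/world readable.
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$key_out" -out "$csr_out" \
      -subj "/CN=$1" -addext "subjectAltName=$san" )
}

# san_dns_names FILE KIND   (KIND is "req" for a CSR, "x509" for a certificate)
# Prints one dNSName per line; prints nothing if there is no SAN extension.
san_dns_names() {
  openssl "$2" -in "$1" -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' |
    tail -n +2 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# has_san_for FILE KIND HOST
# Succeeds only if HOST is listed verbatim as a dNSName. Wildcard entries
# are not expanded, so check those by hand.
has_san_for() {
  san_dns_names "$1" "$2" | grep -Fxq "$3"
}

# Demo: build a CSR in a scratch directory and show what it requests.
demo_dir=$(mktemp -d)
make_csr "$demo_dir/portal.key" "$demo_dir/portal.csr" \
  portal.example.com idr.example.com
echo "dNSName entries requested in the CSR:"
san_dns_names "$demo_dir/portal.csr" req
rm -rf "$demo_dir"
```

Run `has_san_for signed-cert.pem x509 <portal host name>` on the certificate the CA returns; some CAs drop or rewrite extensions requested in the CSR, so a CSR that contains the SAN does not guarantee the signed certificate does.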