When launching the Centrify User and Admin Portals or a single-sign on application integrated with Centrify, the IWA service fails to silently authenticate. Since version 58, Chrome requires SSL certificates to use SAN (Subject Alternative Name) instead of the popular Common Name (CN), thus CN support has been removed. If you're using self signed certificates having only the CN (common name) defined, you receive an error as such:Cause:
The Centrify Connector IWA Service host is using a self-signed certificate that does not contain a SAN (subject alternative name). Resolution:
A. Generate a new self-signed certificate that contains the Centrify Connector hostname(s) in the SAN (subject alternative name) using IIS or OpenSSL.
1) Upload the new self-signed certificate at the Centrify Admin Portal > Settings > Network > Centrify Connectors > Select the Connector > IWA Service > Upload
2) Restart the Centrify Connector Service at Start > Administrative Tools > Services
B. Revert back to the default Centrify IWA certificate, re-registering the connector.
1. Go to Start > All Programs > Centrify > Centrify Connector Configuration > Connector tab > Re- register