How very bizarre… Chrom(ium) chokes if your TLS server certificate has an @ symbol in the Common Name (CN) field. It also fails with an “unable to parse file” error if you try to import a certificate authority that has the same (but, if you add the same certificate authority to the system trust store, it imports it without issue when you next start the browser).
TL; DR: Do not use the @ symbol in the Common Name (CN) fields of your TLS certificates.
(Firefox has no trouble with the same certificates and neither does OpenSSL.)
I am not a security expert but when I look at things like this, then read about security issues at Lastpass and other companies, is there a link. Surely the industry needs to get it's act together ASAP over all this.
@zleap I don’t really see how this could have a security implication. It’s more an issue with dense/hard to read RFCs. For such fields, it also looks like some certificate authorities have their own limits, etc., so I’m not sure how standardised some of those are. Best to keep them simple, I guess.
@zleap @aral how's this related to the lastpass incident?