As of this post, I am running Microsoft Edge DEV Version 220.127.116.11 (Official build) dev (64-bit) on Windows 7, configured as my default browser.
I have a server running running McAfee ePolicy Orchestrator that is currently configured to use a self-signed certificate that has a CA name like Orion_CA_<hostname> and a website certificate issued by this CA to <hostname>.
Note <hostname> is not a FQDN, just a short host name.
The ePO website is accessed with a URL like: https://<hostname>:8443/
I have my local machine certificate store configured with the McAfee CA so IE11 trusts the CA and associated ePO certificate and connects to the website without any certificate errors or warnings.
However, using Edge DEV I get the Your connection isn't private warning with the error shown as:
I found a Symantec reference for Google Chrome that discusses adding EnableCommonNameFallbackForLocalAnchors to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome however, there is no corresponding HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge key on my machine.
I realize I can fix this by generating a more conformant certificate but should Chromium Edge also support this registry work-around?
Creating a key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge and adding the DWORD EnableCommonNameFallbackForLocalAnchors with a value set to 1 did not change the behavior in my Edge DEV installation.
I can get to the ePO website with Edge DEV by clicking the Advanced button on the warning page which does indeed tell me the problem is a missing SAN:
This server couldn't prove that it's <hostname>; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.
Clicking the link: Continue to <hostname> (unsafe) does allow me to get to the website but it shows the Not Secure warning and the lined-through https protocol string in the URL.
The policy EnableCommonNameFallbackForLocalAnchors was removed in Chrome 66 and thus never supported in Microsoft Edge Insider. You'll need to update the certificate generator such that it generates certificates containing SubjectAltNames.