Update: MS fixes the issue with a new certificate which properly includes hotmail.com
domain. so no more error message when accessing hotmail.com
on Chrome.
Below is for reference only.
I believe it's not a "sth. is wrong with your configuration" situation instead it's a server side issue. I'd like to write a long answer so anyone facing the same issue(Chrome 58 and hotmail.com) wouldn't waste time in "securing" the system.
As of today(May 8th 2017)
hotmail.com has following certificate
-----BEGIN CERTIFICATE----- MIIH/TCCBeWgAwIBAgITWgAH0HeSax/6XsZlkgAAAAfQdzANBgkqhkiG9w0BAQsF
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE
CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgU1NMIFNIQTIw
HhcNMTcwNDE3MTc0MjIzWhcNMTgwMjE3MTc0MjIzWjAaMRgwFgYDVQQDDA8qLm1h
aWwubGl2ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf1hD1
tIfgW3k8stvmQJCZEpXhcYOmH597ePSSvnozmNTUUp++65+k1uvmFGrbKtaSvuRu
FpiJvFvJ6KJnNFNgKmyzpgUKC1tud4pC7pIMO4uRfxTGPVS7AUZiAZCu1xzPOaDR
z9/9I94Emhth+gr1mSOcDlOf2PZnCNoRVfmMiwtcn7RUzzzklHZAlGCirwe/HOk4
An5F0dCOv4eoOaquvpVv15d3tdy+Tep7iRDg0LvJ5EWhpBhvBymipSVfMK9aSQhC
kvyXEdKHWmZzcAOGuA68TGNCYAVbSfVRJzrrhgGqb8GkydSuFKF8NROA7NQyzeTT
n89hxd3CUxGvuM6JAgMBAAGjggPIMIIDxDAdBgNVHQ4EFgQUv8Vqe/TPUXEp1tkE
KXc0cvw9JTQwCwYDVR0PBAQDAgSwMB8GA1UdIwQYMBaAFFGvJCac9GgiV4AmKztG
YhV7HsylMH0GA1UdHwR2MHQwcqBwoG6GNmh0dHA6Ly9tc2NybC5taWNyb3NvZnQu
Y29tL3BraS9tc2NvcnAvY3JsL21zaXR3d3cyLmNybIY0aHR0cDovL2NybC5taWNy
b3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL21zaXR3d3cyLmNybDBwBggrBgEFBQcB
AQRkMGIwPAYIKwYBBQUHMAKGMGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kv
bXNjb3JwL21zaXR3d3cyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNv
Y3NwLmNvbTA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDz4lNrfIChaGfDIL6
yn2B4ft0gU+HtM98gc26MgIBZAIBHDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwTgYDVR0gBEcwRTBDBgkrBgEEAYI3KgEwNjA0BggrBgEFBQcCARYoaHR0
cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzADAnBgkrBgEEAYI3
FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsGAQUFBwMCMIIBqwYDVR0RBIIBojCCAZ6C
DyoubWFpbC5saXZlLmNvbYIKKi5saXZlLmNvbYINKi5ob3RtYWlsLmNvbYIJKi5t
c24uY29tgggqLmFmeC5tc4INbWFpbC5saXZlLmNvbYINaG90bWFpbC5jby5qcIIN
aG90bWFpbC5jby51a4IQaG90bWFpbC5saXZlLmNvbYIPaG90bWFpbC5tc24uY29t
gg93d3cuaG90bWFpbC5jb22CE3d3dy5ob3RtYWlsLm1zbi5jb22CDHd3dy5saXZl
LmNvbYIRd3d3Lm1haWwubGl2ZS5jb22CD20ubWFpbC5saXZlLmNvbYIRY29udGFj
dHMubGl2ZS5jb22CD3Blb3BsZS5saXZlLmNvbYINaG9tZS5saXZlLmNvbYIYY29s
NDMwLXNlYy5tYWlsLmxpdmUuY29tghtvcmlnaW4uYmx1MTgwLm1haWwubGl2ZS5j
b22CG29yaWdpbi5kdWIxMzEubWFpbC5saXZlLmNvbYIfb3JpZ2luLmNvbDQzMC1z
ZWMubWFpbC5saXZlLmNvbYILbXNzbC5hZngubXMwDQYJKoZIhvcNAQELBQADggIB
AJIg/Pcc3FtEe4bazzwRXl5Dirjz69TlBrkHBhA/Mf9fw2nEAGXl9xckjL48yG3a
yPWUolT4sAO8aWkqAtTKjpB7Qtiuk/M8ZLI5LENeKlb8d4RRbKs/qQhqK07/5PaI
XptcqSu6mGY6UcdKsdzlpEjMhrfhDPStReZQPs9pkeD13IkxgPONih2IyoMdsqEz
JUHIBgs4Yz0v7OHZeE2GZ8wkCGukbUC+HyNTpWX1v8/1RSzbp7Bpe2kv5Y3BWBiK
HlYvCvwYfr2660wr1tllQc/6JqPecWAmENlbzEoArH5P0JPmCRlTFgHnkQw8jU/4
6JLpt37XOpdQRPe6d4KG1qoAI1hdGjLdC2sRwVTKUS0LWF/U0QpeJzGa9L1rUBmh
DdwzvSd914MMgSV66QfA4hswfhXtV1k8Rf7Tyngr965n2QO3uLSpUrZ9wENSSPu2
0RDIQRssQAVgX3o5dAhf2HUGHzRbqTZDA7x01HKYBcAxpdmQP8JAS48bY6x1CeHh
F10tXhJVtnmSdjrEdMTB0uf6EUSYXQE40HckguyggQwK61gq74KszoP96l8rTGJe
7OQunGtgykbPzW81ecE2PcIJ5mN7h0rfvat5xAVj+WxJ3BTUoCFxYIw3Xal+z6Hn
Js9aVZBWUcn6TGVDApG5QghlXyUg8ilE1NgHdGpmpJyQ
-----END CERTIFICATE-----
Which can be decoded here(or just search "ssl certificate decoder") it has common name *.mail.live.com
and SAN:
*.mail.live.com, *.live.com, *.hotmail.com, *.msn.com, *.afx.ms, mail.live.com, hotmail.co.jp, hotmail.co.uk, hotmail.live.com,
hotmail.msn.com, www.hotmail.com, www.hotmail.msn.com, www.live.com,
www.mail.live.com, m.mail.live.com, contacts.live.com,
people.live.com, home.live.com, col430-sec.mail.live.com,
origin.blu180.mail.live.com, origin.dub131.mail.live.com,
origin.col430-sec.mail.live.com, mssl.afx.ms
Note that it has *.hotmail.com
as well as www.hotmail.com
but no hotmail.com
, and *.hotmail.com does NOT cover hotmail.com.
So most likely there is some change in Chrome 58 which properly implements this check and blocks hotmail.com
. Using www.hotmail.com
instead of hotmail.com
should eliminate the error.
And the same error is caught with Firefox but since hotmail.com
is a 301 redirect Firefox just let it pass but there is actually something wrong.![Firefox](https://cdn.statically.io/img/i.sstatic.net/soQR6.jpg)
On May 9th, 2017 hotmail.com
has a new certificate with hotmail.com
included so no more error message on Chrome.
Subject Alternative Names: *.mail.live.com, *.live.com, *.hotmail.com,
*.msn.com, *.afx.ms, mail.live.com, hotmail.co.jp, hotmail.co.uk, hotmail.live.com, hotmail.msn.com, www.hotmail.com,
www.hotmail.msn.com, www.live.com, www.mail.live.com, m.mail.live.com,
contacts.live.com, people.live.com, home.live.com,
col430-sec.mail.live.com, origin.blu180.mail.live.com,
origin.dub131.mail.live.com, origin.col430-sec.mail.live.com,
mssl.afx.ms, hotmail.com, live.com