Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID

后悔当初 2020-12-04 10:27

I followed this tutorial for creating Signed SSL certificates on Windows for development purposes, and it worked great for one of my domains (I'm using hosts file to simulat

9 answers
  • 2020-12-04 11:04

    A workaround is to add the domain names you use as "subjectAltName" (X509v3 Subject Alternative Name). This can be done by changing your OpenSSL configuration (/etc/ssl/openssl.cnf on Linux) and modifying the v3_req section to look like this:

    [ v3_req ]
    
    # Extensions to add to a certificate request
    
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = myserver.net
    DNS.2 = sub1.myserver.net
    

    With this in place, do not forget to use the -extensions v3_req switch when generating your new certificate. (See also: How can I generate a self-signed certificate with SubjectAltName using OpenSSL?)

    0 Comments (0)
  • 2020-12-04 11:07

    Create openssl.conf file:

    [req]
    default_bits = 2048
    default_keyfile = oats.key
    encrypt_key = no
    utf8 = yes
    distinguished_name = req_distinguished_name
    x509_extensions = v3_req
    prompt = no
    
    [req_distinguished_name]
    C = US
    ST = Cary
    L = Cary
    O  = BigCompany
    CN = *.myserver.net
    
    [v3_req]
    keyUsage = critical, digitalSignature, keyAgreement
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = myserver.net
    DNS.2 = *.myserver.net
    

    Run this command:

    openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout app.key -out app.crt  -config openssl.conf
    

    Output files app.crt and app.key work for me.

    0 Comments (0)
  • 2020-12-04 11:12

    Chrome 58 has dropped support for certificates without Subject Alternative Names.

    Moving forward, this might be another reason for you encountering this error.

    0 Comments (0)
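
The SAN matching that the answers above rely on, as an added example that is not part of the original thread: a simplified Python model of how a client that ignores the subject CN (as the Chrome 58 answer describes) decides which host names a certificate covers. The certificate dictionaries are constructed from the configs quoted above; the function names, the CN given to the first config, and the rule that a wildcard needs at least two labels after it are assumptions of this sketch.

```python
# Added example, not code from the thread. Simplified model of SAN-only host
# name matching: DNS names only, "*" allowed only as the whole leftmost label.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def san_entry_matches(pattern, host):
    """True if one subjectAltName DNS entry covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):            # "*" stands for exactly one label
        return False
    if p[0] == "*":
        # Assumption of this sketch: refuse wildcards such as "*.net".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def browser_accepts(cert, host):
    """SAN-only check: the subject CN is never consulted."""
    return any(san_entry_matches(e, host) for e in cert["san_dns"])

def legacy_accepts(cert, host):
    """Older behaviour: fall back to the CN when there is no SAN at all."""
    names = cert["san_dns"] or [cert["cn"]]
    return any(san_entry_matches(e, host) for e in names)

def explain(cert, host):
    """Return "ok" or the browser error with the reason the name check failed."""
    if browser_accepts(cert, host):
        return "ok"
    why = "host not in subjectAltName" if cert["san_dns"] else "no subjectAltName, CN ignored"
    return "NET::ERR_CERT_COMMON_NAME_INVALID (%s)" % why

# Constructed certificates mirroring the configs quoted in the answers.
CN_ONLY = {"cn": "*.myserver.net", "san_dns": []}
EXPLICIT_SAN = {"cn": "myserver.net", "san_dns": ["myserver.net", "sub1.myserver.net"]}
WILDCARD_SAN = {"cn": "*.myserver.net", "san_dns": ["myserver.net", "*.myserver.net"]}

if __name__ == "__main__":
    hosts = ["myserver.net", "sub1.myserver.net", "sub2.myserver.net", "a.sub1.myserver.net"]
    for label, cert in [("CN only", CN_ONLY), ("explicit SAN", EXPLICIT_SAN), ("wildcard SAN", WILDCARD_SAN)]:
        for host in hosts:
            print("%-13s %-20s %s" % (label, host, explain(cert, host)))
```

The wildcard entry covers exactly one label, which is why the second config lists `myserver.net` alongside `*.myserver.net`, and why neither config covers `a.sub1.myserver.net`.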
  • 2020-12-04 11:16

    For everyone who is encountering this and wants to accept the risk to test it, there is a solution: go to Incognito mode in Chrome and you'll be able to open "Advanced" and click "Proceed to some.url".

    This can be helpful if you need to check some website which you are maintaining yourself and just testing as a developer (and when you don't yet have proper development certificate configured).

    Of course this is NOT FOR PEOPLE using a website in production where this error indicates that there is a problem with website security.

    0 Comments (0)
  • 2020-12-04 11:17

    As Rahul stated, it is a common Chrome and an OSX bug. I was having similar issues in the past. In fact I finally got tired of making the 2 [yes I know it is not many] additional clicks when testing a local site for work.

    As for a possible workaround to this issue [using Windows], I would use one of the many self-signing certificate utilities available.

    Recommended Steps:

    1. Create a Self Signed Cert
    2. Import Certificate into Windows Certificate Manager
    3. Import Certificate in Chrome Certificate Manager
      NOTE: Step 3 will resolve the issue experienced once Google addresses the bug... considering the time it has been stale, there is no ETA in the foreseeable future.

      As much as I prefer to use Chrome for development, I have found myself in Firefox Developer Edition lately, which does not have this issue.

      Hope this helps :)
    0 Comments (0)
  • 2020-12-04 11:17

    I think it may be a bug in Chrome. There was a similar issue long back: See this.

    Try in a different browser. I think it should work fine.

    0 Comments (0)