I am creating https server side that I am using to practice OAuth to Instagram which requires https.
I generated a certificate using ssl by running the script from the following link: https://gist.github.com/bjanderson/075fadfccdd12623ab935e57eff58eb4
The script ran just fine and I received all the expected files. I've imported the ca.crt to my chrome under the trusted root certification authorities but chrome still won't trust it. Is the import location appropriate since chrome has many different sections that ca.crt could be imported to.
I get the following errors:
Certificate – Subject Alternative Name missing The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.
Certificate – missing This site is missing a valid, trusted certificate (net::ERR_CERT_AUTHORITY_INVALID).
How do i fix these two issues and get my chrome to trust my self signed certificate?
Best Answer
The Subject Alternative Name is, as it says, where alternative names for the subject are listed. It is an improvement on the Subject field because it allows multiple subject names whereas Subject only allows one. Modern browsers only look at the Subject Alternative Name extension and ignore the Subject field.
To make a self-signed certificate that should work on modern browsers, create an OpenSSL config file similar to the following and save it as
openssl.cnf
:Run:
Add the
selfsigned.crt
to the trust-anchor store of your browser.If you now fix your DNS resolution (local DNS or
/etc/hosts
file) so thatwww.example.org
orwww.example.com
points to127.0.0.1
you can accesswww.example.com
orwww.example.org
without Chrome complaining.To test, run:
Point your browser to
https://www.example.org:8443
- you should get a list of available cipher-suites and some session information. You should not get a certificate warning.