Google-chrome – Getting Chrome to accept self-signed localhost certificate

The first VM is running in PVHVM mode, so QEMU is working with Xen to virtualize the hardware behind the VM. This mode is for OS that does not support Xen paravirtualization in general, like Windows and FreeBSD.

The second one is from a VM running in PV mode. In this mode, everything is paravirtualized. So there's no emulated BIOS. The booting process is defined by pygrub and this screen shows the options available in this mode. Commonly Linux VM's and 32 bits FreeBSD runs in this mode.

You can change to PVHVM and PV if supported by the guest OS.

As today appears to be a good ideia to run everything in PVHVM, even the hosts with full paravirtualization support. You can check some benchmarks over here: https://xen-orchestra.com/debian-pvhvm-vs-pv/

You can do that in one command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

You can also add -nodes (short for no DES) if you don't want to protect your private key with a passphrase. Otherwise it will prompt you for "at least a 4 character" password.

The days parameter (365) you can replace with any number to affect the expiration date. It will then prompt you for things like "Country Name", but you can just hit Enter and accept the defaults.

Add -subj '/CN=localhost' to suppress questions about the contents of the certificate (replace localhost with your desired domain).

Self-signed certificates are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a certificate authority (CA).