How To Generate a Self-Signed SSL Certificate With SAN

For development and integration use cases, you may need to create or renew a self-signed certificate, then either store it on your web server host or pass it to your target system so that it trusts only connections from an app using that certificate.

If you store the certificate on your web server and have enabled only secured connections via HTTPS, Chrome may not recognize the SSL certificate as secure without a SAN (Subject Alternative Name).

Prerequisite: You should have openssl installed on your machine. Check and download from https://www.openssl.org/source/

To create one from the command line, follow these steps:

Create a configuration file, e.g. req.cnf:

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = NZ
ST = AU
L = Auckland
O = Quonsepto
OU = MyDivision
CN = localhost
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost

Next, from the terminal or command prompt, run the following:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt -config req.cnf -sha256

You can then use the generated certificate (server.crt, with its key in server.key), and it should be compatible with Chrome.
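To confirm that the SAN actually ended up in the certificate, the following added example (not part of the original post) writes the req.cnf above with and without the subjectAltName lines, runs the same openssl req command on each, and inspects the result. The function names write_cnf, make_cert and san_has_dns and the temporary file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: issue certificates from the page's req.cnf with and without
# the SAN lines, then check which one actually carries DNS:localhost.

# write_cnf FILE [no-san]: write the page's req.cnf; "no-san" omits the SAN lines.
write_cnf() {
  cat > "$1" <<'EOF'
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = NZ
ST = AU
L = Auckland
O = Quonsepto
OU = MyDivision
CN = localhost
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
EOF
  [ "${2:-}" = "no-san" ] ||
    printf 'subjectAltName = @alt_names\n[alt_names]\nDNS.1 = localhost\n' >> "$1"
}
# make_cert CNF KEY CRT: the page's openssl command; the umask keeps the
# unencrypted (-nodes) private key readable by its owner only.
make_cert() {
  ( umask 077
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -keyout "$2" -out "$3" -config "$1" -sha256 2>/dev/null )
}
# san_has_dns CRT NAME: succeed only if the SAN extension lists DNS:NAME
# (exact string match; wildcard entries are not expanded).
san_has_dns() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}
# Demo in a throwaway directory (constructed file names).
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
for kind in san no-san; do
  write_cnf "$work/$kind.cnf" "$kind"
  make_cert "$work/$kind.cnf" "$work/$kind.key" "$work/$kind.crt"
  if san_has_dns "$work/$kind.crt" localhost
  then echo "$kind: SAN lists DNS:localhost"
  else echo "$kind: no SAN entry, only CN = localhost is present"
  fi
done
```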

Check this video for a sample installation on a locally hosted Node app.
