1. Generate the CSR file corresponding to the domain name
It is recommended to use online tools to generate directly, link: https://www.chinassl.net/ssltools/generator-csr.html
2. Save the generated CSR file and key
3. Create an openssl configuration file to add alternate name fields
$ cat ssl.cnf basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = www.axiba.com
4. Generate a certificate based on CSR, key, and configuration file
openssl x509 -signkey www.axiba.com_key.txt -in www.axiba.com_csr.txt -extfile ssl.cnf -req -days 36500 -out www.axiba.com.crt
5. Import into the system for authentication
MAC: Double-click the certificate file to import it into the keychain
WIN:
6. Open the browser to visit the domain name of the certificate just configured, and you're done!
Label: NET::ERR_CERT_COMMON_NAME_INVALID