1. Create a CA certificate configuration CA.cnf file
[ req ] distinguished_name = req_distinguished_name x509_extensions = root_ca [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = CN countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = HuBei localityName = Locality Name (eg, city) localityName_default = WuHan 0.organizationName = Organization Name (eg, company) 0.organizationName_default = Development CA organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = Development CA commonName = Common Name (eg, fully qualified host name) commonName_default = Development CA Certification Authority commonName_max = 64 emailAddress = Email Address emailAddress_default = [email protected] emailAddress_max = 64 [ root_ca ] basicConstraints = critical, CA:true 2. Create the ssl certificate cert.cnf file distinguished_name = req_distinguished_name [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = CN countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = HuBei localityName = Locality Name (eg, city) localityName_default = WuHan 0.organizationName = Organization Name (eg, company) 0.organizationName_default = Development Server organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = Development Server commonName = Common Name (eg, fully qualified host name) commonName_default = Development Server Certificate commonName_max = 64 emailAddress = Email Address emailAddress_default = [email protected] emailAddress_max = 64
3. Create the ssl certificate subjectName description file cert.ext
subjectAltName = @alt_names extendedKeyUsage = serverAuth [alt_names] DNS.1 = localhost DNS.2 = 127.0.0.1
4. Create a CA+SSL certificate
# Generate CA certificate openssl req -x509 -newkey rsa:4096 -out CA.cer -outform PEM -keyout CA.pvk -days 3650 -verbose -config CA.cnf -nodes -sha256 # Generate certificate request file openssl req -newkey rsa:4096 -keyout cert.pvk -out cert.req -config cert.cnf -sha256 -nodes #generate certificate openssl x509 -req -CA CA.cer -CAkey CA.pvk -in cert.req -out cert.cer -days 3650 -extfile cert.ext -sha256 -set_serial 0x1111
Import the generated CA.cer into the trusted root certificate authority of the system, configure the cert certificate to the application server, and then access the application server through https
After configuring subjectName, Chrome will no longer report Subject Alternative Name Missing & ERR_SSL_VERSION_OR_CIPHER_MISMATCH error