Generate self-signed CA+SSL certificate

1. Create the CA certificate configuration file, CA.cnf

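# CA.cnf: configuration read by `openssl req -x509 -config CA.cnf`, which
# creates the self-signed development root CA certificate.

[ req ]
# Section that defines the subject (DN) prompts and their defaults.
distinguished_name  = req_distinguished_name
# Section holding the X.509v3 extensions written into the self-signed certificate.
x509_extensions     = root_ca

[ req_distinguished_name ]
# Each field has a prompt text, an optional *_default value and optional
# *_min / *_max limits on the length of the entered string.
countryName                     = Country Name (2 letter code)
countryName_default             = CN
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = HuBei
localityName                    = Locality Name (eg, city)
localityName_default            = WuHan
# The "0." prefix is the OpenSSL convention that lets a field name appear more than once.
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Development CA
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Development CA
commonName                      = Common Name (eg, fully qualified host name)
commonName_default              = Development CA Certification Authority
commonName_max                  = 64
emailAddress                    = Email Address
# Placeholder: the address on the original page was obfuscated by the hosting
# site ("[email protected]"); substitute your own.
emailAddress_default            = admin@example.com
emailAddress_max                = 64

[ root_ca ]
# Mark the certificate as a CA. "critical" makes a validator that cannot
# process the extension reject the certificate. Consider adding pathlen:0 if
# this CA will only ever sign end-entity certificates directly.
basicConstraints            = critical, CA:true
# Restrict the CA key to signing certificates and CRLs, so the CA certificate
# itself cannot be presented as a TLS server or client certificate.
keyUsage                    = critical, keyCertSign, cRLSign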
  

2. Create the SSL certificate request configuration file, cert.cnf

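# cert.cnf: configuration read by `openssl req -config cert.cnf`, which
# creates the server key and certificate signing request.

# Explicit [ req ] header, matching CA.cnf; without it this key sits in the
# unnamed default section of the file.
[ req ]
# Section that defines the subject (DN) prompts and their defaults.
distinguished_name  = req_distinguished_name

[ req_distinguished_name ]
# Each field has a prompt text, an optional *_default value and optional
# *_min / *_max limits on the length of the entered string.
countryName                     = Country Name (2 letter code)
countryName_default             = CN
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = HuBei
localityName                    = Locality Name (eg, city)
localityName_default            = WuHan
# The "0." prefix is the OpenSSL convention that lets a field name appear more than once.
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Development Server
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Development Server
# The subject must differ from the CA's subject; browsers match the host name
# against subjectAltName (set in cert.ext), not against commonName.
commonName                      = Common Name (eg, fully qualified host name)
commonName_default              = Development Server Certificate
commonName_max                  = 64
emailAddress                    = Email Address
# Placeholder: the address on the original page was obfuscated by the hosting
# site ("[email protected]"); substitute your own.
emailAddress_default            = admin@example.com
emailAddress_max                = 64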

 

3. Create the SSL certificate extension file cert.ext, which describes the subjectAltName

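# cert.ext: X.509v3 extensions applied when the CA signs the request
# (`openssl x509 -req -extfile cert.ext`). Only the extensions listed here
# end up in the issued certificate.

# End-entity certificate: state explicitly that it is not a CA.
basicConstraints = CA:FALSE
# Names the certificate is valid for, taken from the [alt_names] section.
subjectAltName = @alt_names
# Limit the certificate to TLS server authentication.
extendedKeyUsage = serverAuth

[alt_names]
DNS.1 = localhost
# An IP address belongs in an IP entry: clients match https://127.0.0.1
# against iPAddress SAN entries, not against a DNS entry holding the address.
IP.1 = 127.0.0.1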

 

4. Create a CA+SSL certificate

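# Generate the CA certificate and key (valid 10 years).
# -nodes is deliberately not used here: openssl prompts for a passphrase and
# encrypts CA.pvk. This key can sign a certificate for any host name, and the
# CA is about to be trusted system-wide, so it should not sit on disk in the clear.
openssl req -x509 -newkey rsa:4096 -out CA.cer -outform PEM -keyout CA.pvk -days 3650 -verbose -config CA.cnf -sha256

# Generate the server key and the certificate request file.
# -nodes leaves cert.pvk unencrypted so the application server can load it
# without a passphrase prompt.
openssl req -newkey rsa:4096 -keyout cert.pvk -out cert.req -config cert.cnf -sha256 -nodes

# Make both private keys readable by their owner only.
chmod 600 CA.pvk cert.pvk

# Sign the request with the CA (prompts for the CA key passphrase).
# -CAcreateserial generates a serial number and records it in a .srl file,
# instead of a fixed -set_serial value: re-issuing with the same issuer and
# serial produces two different certificates that some clients refuse.
# -days 825: some platforms (e.g. Apple's TLS certificate requirements) reject
# server certificates with a longer validity, even under a locally trusted CA;
# verify the limit for the clients you target.
openssl x509 -req -CA CA.cer -CAkey CA.pvk -in cert.req -out cert.cer -days 825 -extfile cert.ext -sha256 -CAcreateserial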

 

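Import the generated CA.cer into the system's Trusted Root Certification Authorities store, configure the application server to use cert.cer together with its private key cert.pvk, and then access the application server over HTTPS. Once CA.cer is trusted, that system accepts any certificate signed with CA.pvk, so install the CA only on development machines and keep CA.pvk private.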

After subjectAltName is configured, Chrome no longer reports the "Subject Alternative Name Missing" and ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors.
