Skip to content

Instantly share code, notes, and snippets.

@NeilJS
Last active March 2, 2023 20:20
Show Gist options
  • Save NeilJS/1f66fc49fce5869620b531c5577c2f18 to your computer and use it in GitHub Desktop.
Save NeilJS/1f66fc49fce5869620b531c5577c2f18 to your computer and use it in GitHub Desktop.
Generate self-signed ssl cert (Virtualbox Ubuntu) - fix for Chrome 58 requirement for subjectAltName / Subject Alternative Name
# Update refs to .example.com
sudo su
openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -new -out /etc/apache2/ssl/apache.crt -subj /C=GB/ST=London/L=London/O="Company Name"/OU=Team/CN=www.example.com -reqexts SAN -extensions SAN -config <(cat /usr/lib/ssl/openssl.cnf <(printf '[ SAN ]\nsubjectAltName=DNS:www.example.com,DNS:example.com,DNS:*.example.com'))
exit
sudo service apache2 restart
# On Windows, trust the certificate: save the new certificate from Chrome to desktop (via Devtools > Security > View > Details > Copy to file; use DER option)
# May need to delete any previously imported certificates via mmc (on Windows)
# Run mmc; add the Certificates snap-in; import from desktop to 'Trusted Roots Certification Authorities' and also 'Other People'
# May need to clear Chrome history + SSLs (Settings > Network > Change proxy settings... > Content > Clear SSL state)
#-keyout /etc/apache2/ssl/apache.key may instead be -keyout /etc/ssl/private/www.example.com.key
#-out /etc/apache2/ssl/apache.crt may instead be -out /etc/ssl/certs/www.example.com.crt
# ^ Above two lines depend on path - this path may be defined in the vhosts file, eg: /etc/apache2/sites-available/example.ssl.conf
# - look for SSLCertificateFile and SSLCertificateKeyFile
# If there is no other location for ssl certificates, create an ssl folder: sudo mkdir /etc/apache2/ssl
# If certificate still appears to be issued by ubuntu then it is likely that the default-ssl.conf file is also still in use. Disable it: sudo a2dissite default-ssl.conf
# Links...
# https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
# http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl/27931596#27931596
Alt (vm2):
openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/www.example.com.key -new -out /etc/ssl/certs/www.example.com.crt -subj /C=GB/ST=London/L=London/O="Company Name"/OU=Team/CN=*.example.com -reqexts SAN -extensions SAN -config <(cat /usr/lib/ssl/openssl.cnf <(printf '[ SAN ]\nsubjectAltName=DNS:www.example.com,DNS:example.com,DNS:*.example.com'))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment