Skip to content

Instantly share code, notes, and snippets.

@vgoma
Last active December 13, 2017 05:56
Show Gist options
  • Save vgoma/7daeff345006c0f270c2b55e8620d833 to your computer and use it in GitHub Desktop.
Save vgoma/7daeff345006c0f270c2b55e8620d833 to your computer and use it in GitHub Desktop.
Generating self signed certificate for root domain and all subdomains considering Chrome's 58 security update

Generating self signed certificate for root domain and all subdomains considering Chrome's 58 security update

Chrome 58 dropped Common Name support checking in SSL certs. Now it uses Subject Alternative Name field.

To generate new self signed certificate for root domain and all subdomains for example.local domain considering Chrome's 58 security update do:

openssl req \
        -newkey rsa:2048 \
        -x509 \
        -nodes \
        -keyout -.example.local.key \
        -new \
        -out -.example.local.crt \
        -reqexts SAN \
        -extensions SAN \
        -config <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:*.example.local, DNS:example.local')) \
        -sha256 \
        -days 365

Answer on all questions as you want, but in Common Name say: *.example.local/CN=example.local.

Tested with nginx, apache, Windows XP, Linux, OS X, IE8+.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment