[Server][macOS] Generate a local SSL certificate with SAN (Subject Alternative Name), works with Chrome 58+
Since version 58, Chrome requires SSL certificates to identify the host in the SAN (Subject Alternative Name) extension instead of the popular Common Name (CN); CN support has been removed.
To create an SSL certificate with SAN, follow these steps:
Go to the SSL directory, /etc/apache2/ssl.
Create a .conf file there and paste in the configuration below:
sudo nano testhttps.local.conf
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = NY
localityName = Locality Name (eg, city)
localityName_default = New York
organizationName = Organization Name (eg, company)
organizationName_default = Example, LLC
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Company
emailAddress = Email Address
emailAddress_default = test@example.com
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = testhttps.local
Generate the key and the self-signed certificate, answering the prompts that follow:
sudo openssl req -config testhttps.local.conf -new -sha256 -newkey rsa:2048 -nodes -keyout testhttps.local.key -x509 -days 365 -out testhttps.local.crt
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:testhttps.local
Email Address []:
Create the virtual host configuration:
cd /etc/apache2/other
subl local.testhttps.conf
Point SSLCertificateFile and SSLCertificateKeyFile at the generated certificate and key:
<VirtualHost *:443>
ServerName testhttps.local
DocumentRoot "/Users/qutek/LocalServer/TEST/testhttps.local"
SSLEngine on
# Strong ciphers only: no anonymous, NULL, export-grade or LOW suites
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /etc/apache2/ssl/testhttps.local.crt
SSLCertificateKeyFile /etc/apache2/ssl/testhttps.local.key
<Directory "/Users/qutek/LocalServer/TEST/testhttps.local">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
Restart Apache:
sudo apachectl restart
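Before trusting the browser result, it helps to confirm that the hostname really is in the certificate's SAN extension and not only in the CN. The script below is an added example, not part of the original post: the helper names cert_has_san, make_test_cert and san_demo are hypothetical, and it builds two throwaway certificates in a temporary directory (constructed sample input) to show a CN-only certificate failing the check while a SAN certificate passes.

```shell
#!/bin/sh
# Added example; cert_has_san and make_test_cert are hypothetical helper names.

# cert_has_san CERT HOST: succeed only if HOST is an exact DNS entry in the
# certificate's Subject Alternative Name extension (the CN is ignored).
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "DNS:$2"
}

# make_test_cert DIR NAME HOST MODE: write a throwaway self-signed DIR/NAME.crt.
# MODE "san" adds HOST as a SAN entry; anything else leaves HOST in the CN only.
make_test_cert() {
    cat > "$1/$2.conf" <<EOF
[ req ]
distinguished_name = subject
x509_extensions = x509_ext
prompt = no
[ subject ]
commonName = $3
[ x509_ext ]
basicConstraints = CA:FALSE
EOF
    if [ "$4" = san ]; then
        echo "subjectAltName = DNS:$3" >> "$1/$2.conf"
    fi
    openssl req -config "$1/$2.conf" -new -sha256 -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -x509 -days 1 -out "$1/$2.crt" 2>/dev/null
}

# Constructed comparison: the same hostname, once CN-only and once with a SAN.
san_demo() {
    tmp=$(mktemp -d) || return 1
    make_test_cert "$tmp" cn_only testhttps.local cn || return 1
    make_test_cert "$tmp" with_san testhttps.local san || return 1
    for c in cn_only with_san; do
        if cert_has_san "$tmp/$c.crt" testhttps.local; then
            echo "$c: SAN lists testhttps.local"
        else
            echo "$c: no SAN entry for testhttps.local"
        fi
    done
    rm -rf "$tmp"
}
san_demo
```

To check the certificate produced by the steps above, call cert_has_san /etc/apache2/ssl/testhttps.local.crt testhttps.local and look at its exit status.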
Reference: Deliciousbrains