How do I create/install self-signed SSL cert on local Windows virtualhost dev machine that Chrome will trust? [duplicate]

As the title says. I'm starting to add Service Workers to a site, and in order to work they require a valid SSL cert. I've had my local dev server delivering over https with a self-signed cert for a while, albeit with Chrome giving the "Not secure" message that I've just been ignoring until now. I've seen a lot of similar questions on here (using localhost), but nothing matching my exact setup (using virtual hosts on localhost), and nothing I've tried has worked.

I'll describe my setup:

  • This is for a local dev machine. I don't need anything super secure. I just need Chrome to trust it.
  • My dev stack is Apache on Windows 10 (running PHP and ColdFusion).
  • I have multiple sites set up locally (127.0.0.1) with Apache virtual hosts, e.g.:
    • https://michael.domain1.com (local dev copy of www.domain1.com)
    • https://michael.domain2.com (local dev copy of www.domain2.com)
    • etc...
  • To get https working on each of those I used the Win64 OpenSSL v.1.1.0e installer from Shining Light Productions and set up a certificate for each domain in my Apache httpd-vhosts.conf.
  • I used the following to create my cert: openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout michael.domain1.key -out michael.domain1.crt -subj "/C=US/ST=Michigan/L=SomeCity/O=CompanyName/OU=Dev/CN=michael.domain1.com"
  • I opened up the .crt file my virtual host is using and installed it to the Windows Trusted Root Certification Authorities.
  • (All of this up until this point has been working fine. I can access the site over https://michael.domain1.com, but I see Chrome's "Not secure" message.)

In Chrome Dev Tools Security tab, I have two errors:

  • Subject Alternative Name Missing: The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.
    • How do I add this? But also for my setup, what do I use for the value? Is it supposed to be michael.domain1.com?
  • Certificate Error: There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
    • Is michael.domain1.com not the correct value for this? Am I adding it in the right place with my openssl command above?

Thank you.

Michael asked Nov 07 '22 21:11


1 Answer

I finally got it! This somewhat buried comment by Drakes is what helped me generate proper cert files using a .sh file. I'm not exactly sure what did it for me in the end, but I did end up with slightly differently named files than I had before. I now have michael.domain1.com.cer instead of michael.domain1.cer. The new cert file fixed the Subject Alternative Name Missing and the ERR_CERT_COMMON_NAME_INVALID errors in Chrome Dev Tools Security tab, but I did have a new error about it being an untrusted authority. I then imported the same file a couple different ways into the Trusted Root Authority using both Windows and Chrome itself (you can import them from Chrome under Settings > Advanced > Manage certificates > Import). After I rebooted Apache one final time and closed and reopened Chrome, everything worked.

Michael answered Nov 15 '22 06:11
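
One way to address the "Subject Alternative Name Missing" error from the question, as an added example (it is not the script from the comment the answer mentions, which is not reproduced on this page). Chrome matches the hostname against the SAN extension rather than the CN, so the certificate is generated from a config file whose `subjectAltName` equals the vhost name, and a second function checks that the entry is really there. The function names, the script name and the output layout are assumptions; it needs an `openssl` CLI in a POSIX shell such as Git Bash.

```shell
#!/bin/sh
# Added example: self-signed dev certificate whose SAN matches the vhost name.
# Function names and file layout are illustrative, not from the original post.

# make_dev_cert HOST OUTDIR -> writes OUTDIR/HOST.cnf, HOST.key and HOST.crt
make_dev_cert() {
    host=$1
    outdir=$2
    mkdir -p "$outdir" || return 1

    # A config file is used because OpenSSL 1.1.0 (the version in the
    # question) has no -addext option for adding extensions inline.
    cat > "$outdir/$host.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_dev
prompt             = no

[dn]
CN = $host

[v3_dev]
subjectAltName = DNS:$host
EOF

    # Same options as the question's command; subject and SAN come from the config.
    openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 \
        -config "$outdir/$host.cnf" \
        -keyout "$outdir/$host.key" -out "$outdir/$host.crt"
}

# cert_has_san HOST CRT -> exit 0 only if CRT lists exactly DNS:HOST in its SAN
cert_has_san() {
    openssl x509 -in "$2" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | tr -d ' ' | grep -Fxq "DNS:$1"
}

# Usage (hypothetical script name): sh make-dev-cert.sh michael.domain1.com ./certs
if [ "$#" -eq 2 ]; then
    make_dev_cert "$1" "$2" && cert_has_san "$1" "$2/$1.crt" \
        && echo "SAN ok: $2/$1.crt"
fi
```

The resulting `.crt` still has to be imported into the Trusted Root Certification Authorities store as the answer describes, and the vhost's `SSLCertificateFile` and `SSLCertificateKeyFile` pointed at the new files.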