Chrome 58 and self signed SSL certificate
Chrome have introduced changes that broke our SSL certificate that we use for local development.
We were welcomed by the message NET::ERR_CERT_COMMON_NAME_INVALID
After a few hours of banging our heads against the desk and some successful googling, Federico and I have found a way to regenerate our certificates and please Chrome 58.
This certificate works as a wildcard certificate for our development hostname carwow.local
Generate Certificate:
openssl req \
-key carwow.local.key\
-x509 \
-nodes \
-new \
-out carwow.local.crt \
-subj "/CN=*.carwow.local" \
-reqexts SAN \
-extensions SAN \
-config <(cat /usr/lib/ssl/openssl.cnf \
<(printf '[SAN]\nsubjectAltName=DNS:*.carwow.local')) \
-sha256 \
-days 3650After adding the new certificate to Nginx and OSX Key manager our site works again without annoying ssl errors:
I hope this article will avoid developer pain all over the world. Thanks to Federico for going through the pain!
If you like to bang your head with us now and then, and normally work on a challenging web product, apply for a job at carwow
