Chrome 58 and self signed SSL certificate

Chrome have introduced changes that broke our SSL certificate that we use for local development.

We were welcomed by the message NET::ERR_CERT_COMMON_NAME_INVALID

After a few hours of banging our heads against the desk and some successful googling, Federico and I have found a way to regenerate our certificates and please Chrome 58.

This certificate works as a wildcard certificate for our development hostname carwow.local

Generate Certificate:

openssl req \
-key carwow.local.key\
-x509 \
-nodes \
-new \
-out carwow.local.crt \
-subj "/CN=*.carwow.local" \
-reqexts SAN \
-extensions SAN \
-config <(cat /usr/lib/ssl/openssl.cnf \
<(printf '[SAN]\nsubjectAltName=DNS:*.carwow.local')) \
-sha256 \
-days 3650

After adding the new certificate to Nginx and OSX Key manager our site works again without annoying ssl errors:

I hope this article will avoid developer pain all over the world. Thanks to Federico for going through the pain!

If you like to bang your head with us now and then, and normally work on a challenging web product, apply for a job at carwow

Feeling social? Connect with us on Twitter and LinkedIn :-)