
Subject Alternative Name Missing & ERR_SSL_VERSION_OR_CIPHER_MISMATCH


I suggest the following solution: create a self-signed CA certificate and a web server certificate signed by this CA. When you install this small chain on your web server, it will work with Chrome.

Create a configuration file for your CA, MyCompanyCA.cnf, with the following contents (you can change it to suit your needs):

[ req ]
distinguished_name  = req_distinguished_name
x509_extensions     = root_ca

[ req_distinguished_name ]
countryName             = Country Name (2 letter code)
countryName_min         = 2
countryName_max         = 2
stateOrProvinceName     = State or Province Name (full name)
localityName            = Locality Name (eg, city)
0.organizationName      = Organization Name (eg, company)
organizationalUnitName  = Organizational Unit Name (eg, section)
commonName              = Common Name (eg, fully qualified host name)
commonName_max          = 64
emailAddress            = Email Address
emailAddress_max        = 64

[ root_ca ]
basicConstraints            = critical, CA:true

Create the extensions configuration file MyCompanyLocalhost.ext for your web server certificate:

subjectAltName = @alt_names
extendedKeyUsage = serverAuth

[alt_names]
DNS.1   = localhost
DNS.2   = mypc.mycompany.com

Then execute the following commands:

openssl req -x509 -newkey rsa:2048 -out MyCompanyCA.cer -outform PEM -keyout MyCompanyCA.pvk -days 10000 -verbose -config MyCompanyCA.cnf -nodes -sha256 -subj "/CN=MyCompany CA"
openssl req -newkey rsa:2048 -keyout MyCompanyLocalhost.pvk -out MyCompanyLocalhost.req -subj /CN=localhost -sha256 -nodes
openssl x509 -req -CA MyCompanyCA.cer -CAkey MyCompanyCA.pvk -in MyCompanyLocalhost.req -out MyCompanyLocalhost.cer -days 10000 -extfile MyCompanyLocalhost.ext -sha256 -set_serial 0x1111

As a result you will get the MyCompanyCA.cer, MyCompanyLocalhost.cer and MyCompanyLocalhost.pvk files, which you can install on the web server.

How to check that it works with Chrome before installing the certificates on the web server: execute the following command on your local PC to run a web server simulator:

openssl s_server -accept 15000 -cert MyCompanyLocalhost.cer -key MyCompanyLocalhost.pvk -CAfile MyCompanyCA.cer -WWW

Then you can access this page at https://localhost:15000/. You will see an error that MyCompanyLocalhost.cer is not trusted; if you want to eliminate this error as well, install MyCompanyCA.cer into the trusted certificate list of your OS.


Thanks, Oleg, for the nice solution. In my case, the URI is specified as an IP address rather than a hostname. Finally, I got the solution from here.

I edited @Oleg's MyCompanyLocalhost.ext, from

subjectAltName = @alt_names
extendedKeyUsage = serverAuth

[alt_names]
DNS.1   = localhost
DNS.2   = mypc.mycompany.com

to

subjectAltName = @alt_names
extendedKeyUsage = serverAuth

[alt_names]
DNS.1 = domain.com
# IP address
IP.1 = 192.168.2.221
IP.2 = 127.0.0.1
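
Added example, not part of either answer above: a shell check that a certificate issued with the first answer's DNS entries or the second answer's IP entries really carries a SAN covering the name the browser will be given. It builds a throwaway test CA and three constructed certificates in a temp directory; the file names and the `issue` and `san_match` helpers are assumptions made for this example.

```sh
#!/bin/sh
# Added example: every key and certificate here is throwaway, constructed test data.
set -eu
WORK=$(mktemp -d) && cd "$WORK"

# Minimal CA config (same CA:true extension as MyCompanyCA.cnf on the page).
printf '%s\n' '[ req ]' 'distinguished_name = dn' 'x509_extensions = root_ca' \
  '[ dn ]' 'commonName = Common Name' \
  '[ root_ca ]' 'basicConstraints = critical, CA:true' > ca.cnf
# Three extension files: no SAN, the first answer's DNS names, the second answer's IPs.
printf '%s\n' 'extendedKeyUsage = serverAuth' > nosan.ext
printf '%s\n' 'subjectAltName = @alt_names' 'extendedKeyUsage = serverAuth' \
  '[alt_names]' 'DNS.1 = localhost' 'DNS.2 = mypc.mycompany.com' > dns.ext
printf '%s\n' 'subjectAltName = @alt_names' 'extendedKeyUsage = serverAuth' \
  '[alt_names]' 'DNS.1 = domain.com' 'IP.1 = 192.168.2.221' 'IP.2 = 127.0.0.1' > ip.ext

openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -config ca.cnf \
  -subj "/CN=Test CA" -keyout ca.pvk -out ca.cer 2>/dev/null

# issue NAME: write NAME.cer (CN=localhost) signed by the test CA,
# with extensions taken from NAME.ext.
issue() {
  openssl req -newkey rsa:2048 -nodes -sha256 -config ca.cnf -subj /CN=localhost \
    -keyout "$1.pvk" -out "$1.req" 2>/dev/null
  openssl x509 -req -in "$1.req" -CA ca.cer -CAkey ca.pvk -CAcreateserial \
    -days 30 -sha256 -extfile "$1.ext" -out "$1.cer" 2>/dev/null
}
for n in nosan dns ip; do issue "$n"; done

# san_match CERT host|ip VALUE
# Succeeds only if CERT chains to the test CA, carries a SAN extension, and
# the SAN covers VALUE. The explicit SAN test matters: openssl's -checkhost
# falls back to the subject CN when no DNS SAN exists, while Chrome ignores
# the CN, so a CN-only certificate must be reported as a failure here.
san_match() {
  openssl verify -CAfile "$WORK/ca.cer" "$1" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -noout -text | grep -q 'Subject Alternative Name' || return 1
  openssl x509 -in "$1" -noout "-check$2" "$3" | grep -q 'does match certificate'
}
```

For example, `san_match MyCompanyLocalhost.cer ip 192.168.2.221` answers whether the certificate will be accepted for that address once `ca.cer` in the function is pointed at your own CA file.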