I am trying to connect to localhost over https so that I can use service workers. I have tried many solutions such as chrome flags as described in posts such as this, but none have worked. Finally, I used OpenSSL to make myself a certificate authority and sign my own certificate. However, despite everything running correctly Chrome (and other browsers) still rejected my certificate.
This was due to the lack of subject alternative names. I then added my IP address as an alternate name, but it was not accepted either - chrome told me that the "domain came from [IP address]", along with the error message ERR_CERT_COMMON_NAME_INVALID
What other subject alternative names can I use to prove my identity over localhost? (or alternatively, are there any other solutions?) I am using Apache with XAMPP.
The SAN must match the domain in the URL you use. If you use https://localhost
then there must be a SAN of type DNS with value localhost
. If you use https://127.0.0.1
then there must be a SAN of type IP with value 127.0.0.1
. Not the importance of the correct type and not only of the value.
I use localhost as the common name. From my understanding the SAN must be different but still refer to the same domain ...
No. The CN is actually irrelevant and will usually not even be looked at if a SAN is given (or in case of Chrome: it will never look at the CN and requires always SAN). So just make sure that the SAN is correct.