
I'm trying and failing to create a self-signed certificate. What I'm trying to achieve is to test a webpage with a web worker on my mobile, and for this I do need HTTPS. But for the time being I'm trying to run it locally on my PC.

I'm using OpenSSL on Windows (I'm using v1.1.0 light version from here).

I'm installing the CA certificate on my machine and I'm serving the page with browser-sync https options, providing the cert and key.

The error I'm getting is NET::ERR_CERT_INVALID. What may be the invalid part?

Commands I'm running:

```
openssl genrsa -des3 -out CA.key 2048
openssl req -x509 -new -nodes -key CA.key -sha256 -days 182 -out CA.pem -config ca.cfg
openssl x509 -outform der -in CA.pem -out CA.crt
openssl genrsa -out dev.key 2048
openssl req -new -key dev.key -out dev.csr -config dev.cfg
openssl x509 -req -in dev.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out dev.crt -days 1825 -sha256 -extfile dev.ext
openssl pkcs12 -export -in dev.crt -inkey dev.key -out dev.p12
```

CA.cfg:

```
[ req ]

default_bits        = 2048
default_keyfile     = server-key.pem
distinguished_name  = subject
req_extensions      = req_ext
x509_extensions     = x509_ext
string_mask         = utf8only

[ subject ]

countryName                 = Country Name (2 letter code)
countryName_default         = PL

stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = PL

localityName                = Locality Name (eg, city)
localityName_default        = PL

organizationName            = Organization Name (eg, company)
organizationName_default    = Example Organization

commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_default          = Example Division

emailAddress                = Email Address
emailAddress_default        = test@example.com

[ x509_ext ]

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer

keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = @alternate_names

[ req_ext ]

subjectKeyIdentifier = hash

keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names

[ alternate_names ]

DNS.1       = 192.168.0.17
```

dev.cfg:

```
[ req ]

default_bits        = 2048
default_keyfile     = server-key.pem
distinguished_name  = subject
req_extensions      = req_ext
x509_extensions     = x509_ext
string_mask         = utf8only

[ subject ]

countryName                 = Country Name (2 letter code)
countryName_default         = PL

stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = PL

localityName                = Locality Name (eg, city)
localityName_default        = PL

organizationName            = Organization Name (eg, company)
organizationName_default    = Example Organization

commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_default          = Example Division

emailAddress                = Email Address
emailAddress_default        = test@example.com

[ x509_ext ]

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer

keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = @alternate_names

[ req_ext ]

subjectKeyIdentifier = hash

keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names

[ alternate_names ]

DNS.1       = 192.168.0.17
```

dev.ext:

```
authorityKeyIdentifier=keyid,issuer
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = 192.168.0.17
```

Tadeusz
  • Are you getting the error on desktop or mobile? – Brahma Dev Oct 14 '17 at 10:34
  • `DNS.1 = 192.168.0.17` - an IP address is not a hostname. Use `IP.1` instead. And I don't see you using a useful CN either. Apart from that it is not clear how you intend to use the certificate, i.e. what is the URL you use when accessing the server? – Steffen Ullrich Oct 14 '17 at 10:41
  • I've changed to IP.1, thanks for it. Sadly I'm still getting 'invalid' error. I'm getting this error on desktop while accessing the page through https://192.168.0.17:3000. – Tadeusz Oct 14 '17 at 17:12

1 Answer


It seems I've lost hope too quickly with posting this question. I found this solution to work.

Providing both DNS (localhost) and IP (e.g. 192.168.0.17) works on the Windows machine.

Tadeusz
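
The SAN point raised in the comments (`DNS.1` holding an IP address) and the answer's DNS-plus-IP fix, as an added example that is not part of the original posts: a small check that reads an OpenSSL config or ext file and flags `subjectAltName` entries whose type does not match their value. The function names and the `FIXED` sample are assumptions constructed for illustration; the check covers only SAN entry types, not other causes of a certificate error.

```python
import ipaddress
import re

def parse_sections(text):
    """Split OpenSSL config text into {section: [(key, value), ...]}."""
    sections, current = {"default": []}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key, value))
    return sections

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint_san(text):
    """Return problems in the sections referenced by subjectAltName = @name."""
    sections, problems = parse_sections(text), []
    refs = {v[1:] for items in sections.values() for k, v in items
            if k == "subjectAltName" and v.startswith("@")}
    for name in sorted(refs):
        for key, value in sections.get(name, []):
            kind = key.split(".", 1)[0]  # "DNS.1" -> "DNS"
            if kind == "DNS" and is_ip(value):
                problems.append(f"[{name}] {key} = {value}: IP address in a DNS entry, use IP.n")
            elif kind == "IP" and not is_ip(value):
                problems.append(f"[{name}] {key} = {value}: not a valid IP address")
    return problems

# SAN part of dev.ext as posted in the question
POSTED = "subjectAltName = @alt_names\n[alt_names]\nDNS.1 = 192.168.0.17\n"
# Constructed variant following the comment (IP.1) and the answer (DNS localhost plus IP)
FIXED = "subjectAltName = @alt_names\n[alt_names]\nDNS.1 = localhost\nIP.1 = 192.168.0.17\n"

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_san(cfg) or "ok")
```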