
I am trying to connect to localhost over https so that I can use service workers. I have tried many solutions such as Chrome flags as described in posts such as this, but none have worked. Finally, I used OpenSSL to make myself a certificate authority and sign my own certificate. However, despite everything running correctly, Chrome (and other browsers) still rejected my certificate.

This was due to the lack of subject alternative names. I then added my IP address as an alternate name, but it was not accepted either - Chrome told me that the "domain came from [IP address]", along with the error message `ERR_CERT_COMMON_NAME_INVALID`. What other subject alternative names can I use to prove my identity over localhost? (Or alternatively, are there any other solutions?) I am using Apache with XAMPP.

Toby

1 Answer


The SAN must match the domain in the URL you use. If you use https://localhost then there must be a SAN of type DNS with value localhost. If you use https://127.0.0.1 then there must be a SAN of type IP with value 127.0.0.1. Note the importance of the correct type and not only of the value.

> I use localhost as the common name. From my understanding the SAN must be different but still refer to the same domain ...

No. The CN is actually irrelevant and will usually not even be looked at if a SAN is given (or in the case of Chrome: it will never look at the CN and always requires a SAN). So just make sure that the SAN is correct.

Steffen Ullrich
  • I use `localhost` as the common name. From my understanding the SAN must be different but still refer to the same domain, hence why I used my IP address. Should I instead set the SAN to `https://localhost` as well? – Toby Mar 28 '21 at 08:50
  • @Toby: your understanding is wrong, see updated answer. – Steffen Ullrich Mar 28 '21 at 09:39
  • I have the SAN set to https://localhost, yet still get the same error message `ERR_CERT_COMMON_NAME_INVALID`, along with the message "This server could not prove that it is **localhost**; its security certificate is from **localhost**". I realize that I may now have a different problem than I realized, if Chrome doesn't simply accept by SAN. Do you have any other ideas? Or I will make a new post. – Toby Mar 29 '21 at 05:42
  • @Toby: I'm not sure what you are really doing, please provide the **exact** certificate and **exact** URL you are using? Note that the SAN should not be `https://localhost` but just `localhost`. – Steffen Ullrich Mar 29 '21 at 07:32
  • Changing the SAN to just `localhost` worked. Thank you so much, this has taken a lot of time. – Toby Mar 29 '21 at 19:58
  • Any names for WLAN network? Like wifi or hotspot? Same as LocalHost? Plz help anyone? – DiLDoST Apr 19 '23 at 01:34
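
The matching rule from the answer and comments above, as an added example that is not part of the original thread: a simplified Python model of how a URL host is compared against a certificate's SAN entries by type and value. The function names are hypothetical, wildcard names are not handled, and the sample SAN lists are constructed (192.0.2.10 is a documentation address standing in for a LAN IP).

```python
import ipaddress
from urllib.parse import urlsplit

def host_from_url(url):
    """Return the host part of a URL, without scheme, port or IPv6 brackets."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host

def as_ip(text):
    """Parse text as an IP address, or return None if it is not one."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def san_matches(url, sans):
    """sans is a list of (type, value) pairs, e.g. [("DNS", "localhost")].

    Simplified model: exact matches only, no wildcard handling, and the
    certificate's Common Name is never consulted.
    """
    host = host_from_url(url)
    host_ip = as_ip(host)
    for san_type, value in sans:
        if host_ip is not None:
            # IP literal in the URL: only an IP-type SAN can match.
            if san_type == "IP" and as_ip(value) == host_ip:
                return True
        elif san_type == "DNS" and value.lower() == host.lower():
            # Host name in the URL: only a DNS-type SAN can match.
            return True
    return False

# Constructed cases modelled on the thread.
CASES = [
    ("https://localhost", [("DNS", "localhost")]),          # correct
    ("https://localhost", [("DNS", "https://localhost")]),  # scheme in SAN
    ("https://localhost", [("IP", "192.0.2.10")]),          # IP SAN, name URL
    ("https://127.0.0.1", [("IP", "127.0.0.1")]),           # correct
    ("https://127.0.0.1", [("DNS", "127.0.0.1")]),          # wrong SAN type
]

if __name__ == "__main__":
    for url, sans in CASES:
        print(f"{url:20} {sans!s:35} -> {san_matches(url, sans)}")
```

Only the first and fourth cases match, which mirrors the sequence in the comments: an IP-only SAN and a SAN of `https://localhost` both fail for `https://localhost`, while a DNS SAN of `localhost` succeeds.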