With this shell script I get a secured ssl connection for: https://whoami.lan in google chrome.
Script from: Getting Chrome to accept self-signed localhost certificate
#!/bin/bash
######################
# Become a Certificate Authority
######################
# Generate private key
openssl genrsa -des3 -out myCA.key 2048
# Generate root certificate
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 825 -out myCA.pem
######################
# Create CA-signed certs
######################
NAME=whoami.lan # Use your own domain name
# Generate a private key
openssl genrsa -out $NAME.key 2048
# Create a certificate-signing request
openssl req -new -key $NAME.key -out $NAME.csr
# Create a config file for the extensions
>$NAME.ext cat <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $NAME # Be sure to include the domain name here because Common Name is not so commonly honoured by itself
#DNS.2 = bar.$NAME # Optionally, add additional domains (I've added a subdomain here)
EOF
# Create the signed certificate
openssl x509 -req -in $NAME.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out $NAME.crt -days 825 -sha256 -extfile $NAME.ext
BUT I need it dynamically for ALL my .lan domains! If I change NAME=whoami.lan to NAME=*.lan, I get the certificate error: NET::ERR_CERT_COMMON_NAME_INVALID
In Firefox I get: SSL_ERROR_BAD_CERT_DOMAIN
Side nodes:
I'm using pi-hole as a home network DNS Server and traefik for reverse proxy. All dockerized
This script creates 3 important files:
whoami.lan.crtandwhoami.lan.keyfor the reverse proxy, andmyCA.pemwhich I add to the google chrome trusted root certificates. Chrome recognizes https://whoami.lan as ssl secured connection.There is a solution with changing chrome settings, but I don't like that way:
chrome://flags/#allow-insecure-localhostChanging
DNS.1: lan,DNS.2: *.landoesn't work too
