Before running the OpenSSL command to generate a self-signed certificate, we need to create a certificate configuration file which specifies the certificate bits and the Subject Alternative Names.
- The Subject Alt Names are required in Google Chrome 58 and later, and is used to match the domain name and the certificate.
- If the domain name is not listed in the certificate's Subject Alternative Names list, you'll get a NET::ERR_CERT_COMMON_NAME_INVALID error message.
Create a certificate configuration file zone.conf with the following content
Generate the certificate using OpenSSL
Configure Chrome to trust the certificate and to show the site as secure by adding above self-signed certificate into the Windows trusted CA root store.
Generate .PFX file from the Certificate and Private Key.