Self-signed ssl certificate doesn't work on mac OS Sierra

Question

I been trying all day long to get https work on my local website using self-signed ssl certificate.

I was following all the necessary instructions:

Generated .crt and .key files following the guide on https://devcenter.heroku.com/articles/ssl-certificate-self

Configured nginx to use ssl

listen 443;
ssl on;
ssl_certificate /usr/local/etc/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/server.key;

Added generated certificate into mac's keychain and checked it as 'Always trust'

But it didn't make https work and I keep getting Chrome's (or other browser's) "Your connection is not private"

mac OS Sierra 10.12.6, nginx installed via homebrew

What did I do wrong?

score 1 · Answer 1 · answered Aug 01 '17 at 17:33

1

For CHROME 58 onwards, the self-signed certification has to be properly generated. See https://stackoverflow.com/a/42917227/3930651.

answered Aug 01 '17 at 17:33

vookimedlo

113
3

Chrome's Security tab helped me to find out the problem. Thanks! – Alex Vasilev Aug 01 '17 at 17:48

score 0 · Answer 2 · answered Aug 01 '17 at 17:48

I looked in Security tab in Chrome's dev tools and it turned out that Chrome requires subjectAlternativeName to match your domain name (not only Common name)

The following solution worked to me Generating a self-signed cert with openssl that works in Chrome 58

Self-signed ssl certificate doesn't work on mac OS Sierra

2 Answers2