I am learning how to work with certificates, and may eventually run a local CA server. I have a server with a BMC, so I used it for practice. I generated a CA pair, then a host pair, and then signed the host CSR with the CA pair to get the host crt. I uploaded the CA crt to Chrome's trusted keys repository and the host pair to the BMC.
Now when I go to the server, I can see that the BMC returns the correct crt, but Chrome shows that the connection is not secure. The reason is ERR_CERT_COMMON_NAME_INVALID.
However, when I click on "Certificate is not valid", I can see both keys, and the signed certificate is shown as "This certificate is OK.". The DNS name used in the URL = Common Name. At the same time, Firefox has no problem; it is fine with my certs. What may be wrong?
I used this sequence:
```
#CA PRIVATE
openssl genrsa -out CAKEY.pem 2048
#CA CERTIFICATE (used in browser). Common name: ca.mydomain.com
openssl req -x509 -sha256 -new -nodes -key CAKEY.pem -days 3650 -out CACERT.pem -addext "subjectAltName = DNS:ca.mydomain.com"
#HOST KEY (uploaded to BMC), I need to turn off here password protection, BMC doesn't like password
openssl genrsa -out HOSTKEY.pem 2048
#HOST CSR. Common name: host1.mydomain.com
openssl req -new -key HOSTKEY.pem -out HOSTCSR.pem -addext "subjectAltName = DNS:host1.mydomain.com"
#SIGN (uploaded to BMC)
openssl x509 -req -CA CACERT.pem -CAkey CAKEY.pem -in HOSTCSR.pem -out HOSTCRT.PEM -days 3650 -CAcreateserial
```
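
Added example, not part of the original post: a shell sketch that re-runs the posted sequence in a temporary directory and prints the subjectAltName found in the CSR, in the certificate signed exactly as posted, and in one signed with the SAN passed to the signer through `-extfile`. Chrome matches the hostname against subjectAltName only, so the certificate's value is the one to inspect; the function names, the `-subj` values and the `san.ext` file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, -subj values
# and san.ext are constructed for this sketch; it works in a throwaway temp dir.

# Print the subjectAltName value of a CSR ($1=req) or certificate ($1=x509),
# or an empty string when the extension is absent.
san_of() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Re-run the posted sequence for hostname $1 and print one line:
#   csr=<SAN in CSR> plain=<SAN after posted signing step> extfile=<SAN with -extfile>
compare_signing() {
    host=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        exec 2>/dev/null   # hide openssl progress messages
        openssl genrsa -out CAKEY.pem 2048
        openssl req -x509 -sha256 -new -nodes -key CAKEY.pem -days 3650 \
            -out CACERT.pem -subj "/CN=ca.mydomain.com"
        openssl genrsa -out HOSTKEY.pem 2048
        openssl req -new -key HOSTKEY.pem -out HOSTCSR.pem -subj "/CN=$host" \
            -addext "subjectAltName = DNS:$host"
        # Signing step as posted: no extension options are given.
        openssl x509 -req -CA CACERT.pem -CAkey CAKEY.pem -in HOSTCSR.pem \
            -out HOSTCRT.PEM -days 3650 -CAcreateserial
        # Same step, with the SAN supplied to the signer through -extfile.
        printf 'subjectAltName = DNS:%s\n' "$host" > san.ext
        openssl x509 -req -CA CACERT.pem -CAkey CAKEY.pem -in HOSTCSR.pem \
            -out HOSTCRT_SAN.pem -days 3650 -CAcreateserial -extfile san.ext
        echo "csr=$(san_of req HOSTCSR.pem)" \
             "plain=$(san_of x509 HOSTCRT.PEM)" \
             "extfile=$(san_of x509 HOSTCRT_SAN.pem)"
    )
    rm -rf "$dir"
}

compare_signing host1.mydomain.com
```

An empty `plain=` field means the issued certificate carries no SAN even though the CSR requested one.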