I created a self-signed certificate using the following command using OpenSSL 1.1.1b (26 Feb 2019):
openssl req -nodes -new --days 900 -subj /CN=192.168.0.104:8080 -x509 -keyout server.key -out server.crt
I then used windows mmc imported the resulting server.crt into Console Root -> Certificates - Current User -> Trusted Root Certification Authorities -> Certificates
When I go to the page in chrome tho at 192.168.0.104:8080, it tells me the page is "Not Secure" (tho if I look at the certificate info, the Certificate Status under Certification path says "This certificate is OK."
I did a similar process on my android phone, uploading it to my phone, adding the certificate in the Encryption & credentials settings section.
However, when I go to the page, it tells me the "server's certificate does not match the URL".
What am I doing wrong here?
I'm now using the req.conf
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
C = US
ST = CA
L = Belmont
O = N/A
OU = N/A
CN = 192.168.0.104
subjectAltName = @alt_names
DNS.0 = localhost
IP.0 = 192.168.0.104
And creating the certificate and key with:
openssl req -x509 -nodes -days 999 -newkey rsa:2048 -keyout server.key -out server.crt -config req.conf
Then I restarted chrome on windows (I can't believe restarting programs for settings to take effect is still necessary in 2019). Windows chrome then recognizes it fine.
However on android, I can't even install this certificate - it tells me "Private key required to install a certificate". This is even more confusing.