I'm running my own CA. My new cert's desired CSR has CN papaya. I'm looking to add some local domain structure with subjectAltName, but browsers are rejecting the added domains.
This is my openssl.cnf used for signing:

    [req]
    default_md = sha256
    req_extensions = v3_req

    [v3_req]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = papaya
    DNS.2 = *.papaya
    DNS.3 = localhost

Connecting to https://localhost or https://whatever.papaya then makes Firefox 45 puke with:

    localhost uses an invalid security certificate.
    The certificate is only valid for the following names: papaya, *.papaya, localhost
    Error code: SSL_ERROR_BAD_CERT_DOMAIN

I'd say this is some confusing stuff, since the error message seems to indicate everything is correct. Only https://papaya works though.
To add to the confusion, on Chrome 49, https://localhost also works. Unfortunately https://whatever.papaya still does not.
I've used this exact procedure to output multiple real-world FQDN certs, but never for local single word domains, hence the confusion.
What am I missing?