Update Auto-Generated SSL Certificates


  • | 589 points

    Currently, if you import the certificate generated by laragon you will get the following error in Chrome because it is missing the Subject Alternative Name:

    NET::ERR_CERT_COMMON_NAME_INVALID

    Below I have included the command and the openssl.cnf file to fix this issue.

    • Replace URL in openssl.cnf and the command below

    openssl.cnf

    [ req ]

    default_bits = 2048
    default_keyfile = server-key.pem
    distinguished_name = subject
    req_extensions = req_ext
    x509_extensions = x509_ext
    string_mask = utf8only

    [ subject ]

    countryName = Country Name (2 letter code)
    countryName_default = SG

    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = Singapore

    localityName = Locality Name (eg, city)
    localityName_default = Singapore

    organizationName = Organization Name (eg, company)
    organizationName_default = Laragon

    commonName = Common Name (e.g. server FQDN or YOUR name)
    commonName_default = URL.dev

    emailAddress = Email Address
    emailAddress_default = example@URL.dev

    [ x509_ext ]

    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid,issuer

    basicConstraints = CA:FALSE
    keyUsage = digitalSignature, keyEncipherment
    subjectAltName = @alternate_names
    nsComment = "OpenSSL Generated Certificate"

    [ req_ext ]

    subjectKeyIdentifier = hash

    basicConstraints = CA:FALSE
    keyUsage = digitalSignature, keyEncipherment
    subjectAltName = @alternate_names
    nsComment = "OpenSSL Generated Certificate"

    [ alternate_names ]

    DNS.1 = URL.dev

    Command

    openssl req -config openssl.cnf -new -sha256 -newkey rsa:2048 -nodes -keyout URL.dev.key -x509 -days 365 -out URL.dev.crt -subj "/C=SG/ST=Singapore/L=Singapore/O=Laragon/OU=IT/CN=URL.dev"

    Would it be possible to update the Auto-Generated SSL Certificates to include the Subject Alternative Name?


  • administrators
    | 70908 points

    @YummyTofu : I'll check and get back to you soon.


  • | 124 points

    Hi, I've also written a bash script to renew all the domain certificates SAN fields using OpenSSL. It's written for windows but if you comment out two lines (the certutil lines to update the certificates in the windows certificate store) then I think it should work with linux OSes too.

    https://gist.github.com/tpaksu/1a1c893bf23d3abc6ded45039bbe21d2

    1. copy this file to laragon/etc/ssl directory where the certificates reside.
    2. Navigate to laragon/etc/ssl
    3. run it
    4. restart apache & nginx

Log in to reply
 

Looks like your connection to Laragon was lost, please wait while we try to reconnect.