Self Signed Certificate even when set in the OS as

2019-01-11  yingjieg

Security Changes in Chrome 58: Common Name Support Dropped.
Read more at https://www.thesslstore.com/blog/security-changes-in-chrome-58/

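Starting with version 58, Chrome no longer supports the Common Name field. If the certificate's SANs do not list the corresponding DNS name or IP, Chrome will not trust the certificate.

So how do we generate a certificate that carries SANs? The rough procedure is as follows: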

  1. Create a configuration file, for example ca.conf

```
[req]
default_bits = 2048
prompt = no
default_md = sha256
x509_extensions = v3_req
distinguished_name = dn

[dn]
C = CN
ST = Beijing
L = Beijing
O = AXESDN
CN = AXESDN

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.0 = localhost
DNS.1 = company.com
IP.0 = xxx.xxx.xxx.xxx
IP.1 = yyy.yyy.yyy.yyy
```

Make sure the alt_names section contains every DNS name and IP you need.

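  2. Create the certificate using the configuration file ca.conf

```bash
openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout company.com.key -days 3560 -out company.com.crt -config ca.conf
```

Then mark the certificate as trusted in the OS, and Chrome will no longer show a warning.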
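Before trusting the certificate, it is worth confirming that the SAN entries actually made it into the file. The script below is an added example, not part of the original post: it runs the two steps above and then checks the result. The function names and the two IP values (127.0.0.1 and 192.0.2.10, standing in for the post's placeholders) are assumptions, and the check is an exact match that does not handle wildcard names.

```shell
#!/bin/sh
# Added example (not from the original post): generate the certificate from
# the article's ca.conf, then confirm the SAN entries actually landed in it.
set -eu

# Write ca.conf into directory $1 and create the key and certificate there.
# The two IP values are constructed stand-ins for the post's placeholders.
make_demo_cert() {
    cat > "$1/ca.conf" <<'EOF'
[req]
default_bits = 2048
prompt = no
default_md = sha256
x509_extensions = v3_req
distinguished_name = dn

[dn]
C = CN
ST = Beijing
L = Beijing
O = AXESDN
CN = AXESDN

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.0 = localhost
DNS.1 = company.com
IP.0 = 127.0.0.1
IP.1 = 192.0.2.10
EOF
    openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes \
        -keyout "$1/company.com.key" -days 3560 \
        -out "$1/company.com.crt" -config "$1/ca.conf" 2>/dev/null
}

# Print the SAN entries of certificate $1, one per line (e.g. "DNS:localhost").
san_entries() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -e 's/^ *//' -e 's/ *$//'
}

# san_has CERT ENTRY: succeed only on an exact SAN match. The subject CN is
# never consulted, since Chrome 58+ ignores it.
san_has() {
    san_entries "$1" | grep -qxF -- "$2"
}
```

For example, `san_has company.com.crt "DNS:company.com"` succeeds, while `san_has company.com.crt "DNS:AXESDN"` fails because AXESDN appears only in the CN.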
