I have setup Nginx reverse proxy pretty much sucesfully but I have some issue with self-signed certificate. I get this error in webbrowser: NET::ERR_CERT_COMMON_NAME_INVALID
Source of my problem is that - my certificate needs to contains subject alternative names to be able to work properly in modern webbrowser. Here is how I fix it
I’ve create new file called req.conf in /etc/ssl/
sudo touch /etc/ssl/req.conf
paste this inside (delete my remarks below with #…):
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = PL #country code
ST = Lower Silesia #state code
L = Wroclaw #city
O = openhab #system name from openhab (sudo openhabian-config > system setings > hostname - “openhab” in my case)
OU = openhab #as above
CN = openhab #as above
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = openhab #as above
DNS.2 = openhab #as above
DNS.3 = openhab #as above
then i use this file to create self signed cert in location which is already set up in nginx:
Then i copy my new certificate to html location just to reach it easaly
sudo cp openhab.crt /etc/openhab2/html
Copy pase it from above location to my desktop and install it as trusted main authority - as local computer not user.
You can check if it is present in this warehouse - cmd > certlm and press actions “find certificate”
Now clear casche from webbroweser and use proper address to be able to reach your openhab serwer - https://openhab in my example.
But - what I do not know - is how to do this with certian IP address to be able to see it as secure connection.