A self-signed certificate that works with older version Chrome may not work with newer versions.
Here are the steps to create such a certificate and test it, done in Cmd console.
Create a signing request:
openssl.exe req -config riowingNetSelfSign.cnf -new -key smtpRioWing.key -out riowingNetSelfSign.csr
View request:
openssl.exe req -text -noout -in riowingNetSelfSign.csr > riowingNetSelfSignCsr.txt
Make the certificate:
openssl.exe x509 -req -days 7023 -extfile riowingNetSelfSign.cnf -extensions SAN -in riowingNetSelfSign.csr -signkey smtpRioWing.key -out riowingNetSelfSign.crt
View certificate:
openssl.exe x509 -in riowingNetSelfSign.crt -text -noout >riowingNetSelfSignCrt.txt
Import the certificate:
certmgr.msc import it to Trusted Root Certification Authorities, it shows up as riowing.netCN
Run a server to test the cert with https (
it can also be tested with nginx, by adding smtpRioWing.key and riowingNetSelfSign.crt to nginx.conf)
openssl.exe s_server -no_dhe -accept 8282 -www -key smtpRioWing.key -cert riowingNetSelfSign.crt
Test the cert with openssl:
echo -n | openssl.exe s_client -servername riowing.net -connect localhost:8282 -CAfile smtpRioWing.crt
Test the cert with Chrome. e.g. version 84 in my case: (can point to localhost or to real remote host)
https://RioWing.net/hls/a.html
File download (not including private key): http://riowing.net/p/wp/SelfSign.zip