This tool lets you generate self-signed certificates (for development use) using OpenSSL v1.1.1d that contain the
subjectAltName which Chrome 58 now requires.
When you click generate you'll get a ZIP archive with a certificate and RSA key file that you can simply extract into a folder and use in your web server setup. Just make sure to add it to the certificates that the system trusts.
In case you need it, here's the PEM file for the generic localhost CA this server uses: rootCA.pem (expires )
If you used this site to generate certificates before 1st April 2020 then the previous
rootCA.pem file expired as of that date. Please generate the certificate again and re-import the new
rootCA.pem file into your system and/or browser.
This service is provided as-is without any liability or warranty, use at your own risk. By the way, XCA is a great GUI that allows you to do the same this service does, so you can give it a try if you don't trust me.