I've got pihole set up at home, so I want to be able to handle requests for any website with my own server, to show a "this site has been blocked" page.
I'm attempting to do this by creating a self-signed certificate for any URL and installing this on my device. The commands I used to generate the certificate:
    openssl genrsa 2048 > pihole.key
    openssl req -new -x509 -nodes -days 36500 \
        -key pihole.key \
        -subj "/C=NL/ST=Utrecht, Inc./CN=*" \
        -reqexts SAN \
        -config <(cat /etc/ssl/openssl.cnf \
            <(printf "\n[SAN]\nsubjectAltName=DNS:*,DNS:*")) \
        -out pihole.cert
    openssl x509 -noout -fingerprint -text < pihole.cert > pihole.info
    cat pihole.cert pihole.info > pihole.pem
    service apache2 reload
I've installed this certificate on my Windows device, and Windows shows that it's a valid certificate.
However, Chrome gives me a NET::ERR_CERT_COMMON_NAME_INVALID, and Edge gives me a similar error (DLG_FLAGS_SEC_CERT_CN_INVALID).
Why is this? Is CN = * just not allowed? How could I achieve what I want?
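As an added example (not part of the original post, and not any browser's code), this simplified Python model of RFC 6125 host name matching shows how a certificate whose only names are `*` is evaluated against a host such as `example.com`. The function names and sample certificates are constructed for illustration, and the rule that a wildcard name must have the form `*.<domain>` is an assumption of the model.

```python
# Simplified model of RFC 6125 host name matching (sections 6.4.3 and 6.4.4).
# Real verifiers apply further restrictions that are not modelled here.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def pattern_matches(pattern, hostname):
    """Return True if one certificate DNS name covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "*" not in pattern:
        return p == h                      # exact, case-insensitive match
    # Assumption of this model: a wildcard name is "*." plus a domain,
    # so a bare "*" is not a usable wildcard.
    if p[0] != "*" or len(p) < 2:
        return False
    # The wildcard may appear only as the whole left-most label.
    if any("*" in label for label in p[1:]):
        return False
    # A wildcard stands for exactly one label, so label counts must agree.
    return len(p) == len(h) and p[1:] == h[1:]

def cert_covers(cert, hostname):
    """Check hostname against the certificate's names."""
    # RFC 6125 6.4.4: the CN is consulted only if no SAN dNSName is present.
    names = cert["san"] if cert["san"] else [cert["cn"]]
    return any(pattern_matches(n, hostname) for n in names)

def report(cert, hosts):
    """Map each host name to whether the certificate covers it."""
    return {h: cert_covers(cert, h) for h in hosts}

# Constructed sample data, modelled on the names in the post.
WILDCARD_ONLY = {"cn": "*", "san": ["*", "*"]}
CN_ONLY = {"cn": "*", "san": []}            # SAN extension absent
PER_DOMAIN = {"cn": "example.com", "san": ["*.example.com", "example.com"]}
HOSTS = ["example.com", "www.example.com", "a.b.example.com"]

if __name__ == "__main__":
    for label, cert in [("wildcard only", WILDCARD_ONLY),
                        ("CN only", CN_ONLY),
                        ("per domain", PER_DOMAIN)]:
        print(label, report(cert, HOSTS))
```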