I have a device that can generate its own keypair and a self-signed certificate based on those keys. It can then generate a CSR from that and I can export that from the device. I cannot influence the contents of the cert or the CSR.
The "CommonName" it uses is based on the DeviceName, which cannot contain any '.'.
Now when I sign that CSR with my local/private CA, import the final cert back into the device and then go to https://mydevice.local, the browser will of course complain because the "CommonName" for the cert is "mydevice" without the local domain suffix.
Is there a config option for the openssl command so that the "CommonName" gets a pre-configured suffix like ".local" in this example? Also, I would like to add the same string to "SubjectAltName" so that Chrome stops complaining as well.
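An added example, not part of the original post: the signer, not the CSR, decides which extensions go into the issued certificate, so the private CA can add the full name as a `subjectAltName` while signing, and Chrome matches hostnames against `subjectAltName` only, so the CommonName can stay `mydevice`. The throwaway CA, the locally generated CSR standing in for the device's export, and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example with constructed names: a demo CA and a CSR whose CN is "mydevice".

# sign_with_san CSR CA_CERT CA_KEY FQDN OUT_CERT
# Signs the CSR unchanged (subject stays as the device wrote it) and adds
# the extensions listed in a temporary extension file.
sign_with_san() {
    csr=$1; ca_cert=$2; ca_key=$3; fqdn=$4; out=$5
    ext=$(mktemp) || return 1
    printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$ext"
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' >> "$ext"
    openssl x509 -req -in "$csr" -CA "$ca_cert" -CAkey "$ca_key" \
        -CAcreateserial -days 365 -sha256 -extfile "$ext" -out "$out" 2>/dev/null
    rc=$?
    rm -f "$ext"
    return $rc
}

# demo: builds the stand-ins, signs, checks the chain, prints the SAN lines.
demo() {
    d=$(mktemp -d) || return 1
    # Throwaway CA standing in for the local/private CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Private CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Stand-in for the device's CSR: CN has no dot, no SAN requested.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mydevice" \
        -keyout "$d/dev.key" -out "$d/dev.csr" 2>/dev/null || return 1
    sign_with_san "$d/dev.csr" "$d/ca.crt" "$d/ca.key" \
        mydevice.local "$d/dev.crt" || return 1
    # The issued certificate must chain to the CA.
    openssl verify -CAfile "$d/ca.crt" "$d/dev.crt" >/dev/null 2>&1 || return 1
    san=$(openssl x509 -in "$d/dev.crt" -noout -text |
          grep -A1 'Subject Alternative Name')
    rm -rf "$d"
    printf '%s\n' "$san"
}

# Run the demo only when executed directly with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

The device only needs the resulting certificate imported; clients must trust the private CA for the name check to succeed.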