I have a small test website that I'm trying to serve over HTTPS to a WebView on an Android emulator. I've been generating self-signed certs on my machine and importing them into my emulator's certificate store, but I keep getting invalid common name errors when I load the page in the WebView.
Because Android emulators exist behind a virtual firewall, they don't have access to the same network interfaces that the development machine does. I can't just load localhost from the emulator and have it go to the 127.0.0.1 loopback address. Instead, it is aliased as 10.0.2.2 on the emulator.
When I create the self-signed cert, in the configuration file (as instructed in this question), I set the domain to localhost and set 10.0.2.2 as a SAN, but I am still not able to correctly load the HTTPS version of the website from my emulator. What might I be doing wrong?
My partial cnf file (taken mostly from the top answer on this question):
...
[ subject ]
...
commonName = localhost
emailAddress = me@home.com
...
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = 127.0.0.1
DNS.2 = 10.0.2.2
The way that I ended up solving this problem was a bit of a hack. I added a new subdomain to my corp's public DNS, reverse proxied it to 127.0.0.1, and replaced the CN in the cert with the new domain.
E.g., new domain: abc.xyz-corp.com. When my emulator tries to access that domain, it'll go to the corp's DNS and be sent to 127.0.0.1 and resolve to the webapp hosted there.
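Added example, not part of the original question or answer: a check of the `[ alternate_names ]` section posted in the question against the rule that a client connecting to an IP-literal host matches it only against iPAddress SAN entries (`IP.n` in an OpenSSL config), not dNSName entries (`DNS.n`). The function names and the embedded sample are constructed for illustration.

```python
import ipaddress
# Constructed sample: the SAN section as posted in the question.
SAMPLE_CNF = """\
[ alternate_names ]
DNS.1 = 127.0.0.1
DNS.2 = 10.0.2.2
"""

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_section(cnf_text, section):
    """Return [(key, value)] for one [ section ] of an OpenSSL-style config."""
    entries, current = [], None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            entries.append((key, value))
    return entries

def fix_alt_names(entries):
    """Move IP literals found under DNS.n to IP.n and renumber both kinds."""
    findings, fixed, counts = [], [], {"DNS": 0, "IP": 0}
    for key, value in entries:
        kind = key.split(".", 1)[0].upper()
        if kind == "DNS" and is_ip(value):
            findings.append(f"{key} = {value}: IP literal stored as dNSName")
            kind = "IP"
        if kind in counts:
            counts[kind] += 1
            key = f"{kind}.{counts[kind]}"
        fixed.append((key, value))
    return findings, fixed

def covers(entries, host):
    """Exact match only: an IP host needs an IP.n entry, a name needs DNS.n."""
    want = "IP" if is_ip(host) else "DNS"
    return any(k.split(".")[0].upper() == want and v == host for k, v in entries)

if __name__ == "__main__":
    findings, fixed = fix_alt_names(parse_section(SAMPLE_CNF, "alternate_names"))
    print(findings, fixed, covers(fixed, "10.0.2.2"), sep="\n")
```

The corrected section still has no `DNS.n` entry, so `covers(fixed, "localhost")` is false; add `DNS.1 = localhost` if the site is also loaded by that name. Wildcard names are not handled in this sketch.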