Why do self-signed certificates cause browser warnings about subject alternative names, and how can I fix it?

Self-signed certificates generated without a configuration file often lack the Subject Alternative Name (SAN), which modern browsers require. To add SAN, create a `req.cnf` file specifying the domain under `[alt_names]`, then generate the certificate using `openssl req -x509 ... -config req.cnf`. This ensures the certificate includes SAN for the domain (e.g., `test.com`), making it trusted after installing the CA certificate on the client.