To avoid the warning for a self signed certificate you will have to ask your clients to "install the certificate". Depending on which OS your users use, they will have to do different things.
Additionally since chrome 58 you need to ensure that the server's cert contains a subjectAltName with the proper DNS and/or IP entry/entries, even if it's just for a single host.
Mac OS X
Since Chrome doesn't show the certificate options next to the URL anymore, your users will have to open the developer tools (Option + Command + i) and go to the "Security" tab. Then click "View Certificate" and then drag the certificate image and drop it to any folder.
Next double click the cer file you've just saved and the Keychain Access will open.
Choose a keychain to store it and click "always trust".
If you're not being asked where to save it or if you should trust it, locate the newly added certificate (it should be at the top of your list), right click it, choose "get info" and then choose "Always trust" in the Trust tab, under "When using this certificate".
You could automate this with a script like this:
sudo security add-trusted-cert -p ssl -d -r trustRoot -k ~/Library/Keychains/login.keychain selfsigned.crt
Windows
Follow the same steps as on OS X to download the certificate, then click on Start and run the command certmgr.msc
Expand the tree to get to Trusted Root Certification Authorities | Certificates. Go to All Tasks, choose Import and import the certificate in question.
