Chrome shows site as "Not Secure" (Cert Invalid), but certificate is correct

I have a self-generated CA, and a generated certificate. The certificate is valid:

» openssl verify -verbose -x509_strict -CAfile rootCA.pem mysite.bundle.crt mysite.bundle.crt: OK 

The root CA is installed in my system (Ubuntu 16.04), and curl is able to validate the cert:

curl 

No complains here.

I can verify the cert chain in the running site, and everything seems ok, including the SAN entries:

» openssl s_client -showcerts -servername mysite -connect mysite:443 </dev/null 2> /dev/null | openssl x509 -noout -text | grep DNS: DNS:mysite 

But Chrome still complains. What could be the reason?

EDIT

Adding screenshot

enter image description here

2

1 Answer

Contrary to curl or s_client neither Chrome nor Firefox use the systems CA store on Ubuntu. They have their own trust store and you need to import the CA certificate into their specific store in order to be treated as trusted. To access the trust store of Chrome use chrome://settings/certificates.

6

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like