Google-chrome – Chrome shows site as “Not Secure” (Cert Invalid), but certificate is correct

certificate google-chrome ssl

I have a self-generated CA, and a generated certificate. The certificate is valid:

» openssl verify -verbose -x509_strict -CAfile rootCA.pem mysite.bundle.crt
mysite.bundle.crt: OK

The root CA is installed in my system (Ubuntu 16.04), and curl is able to validate the cert:

curl https://mysite

No complaints here.

I can verify the cert chain in the running site, and everything seems ok, including the SAN entries:

» openssl s_client -showcerts -servername mysite -connect mysite:443 </dev/null 2> /dev/null | openssl x509 -noout -text | grep DNS:
                DNS:mysite

But Chrome still complains. What could be the reason?

EDIT

Adding screenshot


Best Answer

Contrary to curl or s_client, neither Chrome nor Firefox uses the system's CA store on Ubuntu. They have their own trust store, and you need to import the CA certificate into their specific store in order for it to be treated as trusted. To access the trust store of Chrome, use chrome://settings/certificates.
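The import described in the answer can also be scripted. The following is an added example, not part of the original answer: it assumes Chrome's per-user NSS database is at its default Linux location `~/.pki/nssdb` and that `certutil` (Ubuntu package `libnss3-tools`) is installed. The script name and the CA nickname are hypothetical; `rootCA.pem` is the file from the question.

```shell
#!/bin/sh
# Added example: trust a private root CA in the per-user NSS database that
# Chrome reads on Linux. Needs certutil (Ubuntu package: libnss3-tools).

# Shared NSS database under a home directory (defaults to $HOME).
nss_db() { printf 'sql:%s/.pki/nssdb' "${1:-$HOME}"; }

# Reads `certutil -L` output on stdin. Succeeds only if NICKNAME is listed
# with the C flag (trusted CA) in the first, TLS, column of its trust flags.
listing_trusts_ca() {
    awk -v n="$1" '
        { flags = $NF; name = $0; sub(/[ \t]+[^ \t]+[ \t]*$/, "", name) }
        name == n && flags ~ /^[^,]*C/ { found = 1 }
        END { exit !found }'
}

# import_ca CA_PEM NICKNAME [HOME_DIR]
# Returns 0 once the CA is trusted for TLS, 2 for an unreadable file,
# 127 if certutil is missing, 1 if the import fails.
import_ca() {
    ca=$1; nick=$2; dir="${3:-$HOME}/.pki/nssdb"; db=$(nss_db "$3")
    [ -r "$ca" ] || { echo "cannot read $ca" >&2; return 2; }
    command -v certutil >/dev/null 2>&1 || { echo "certutil not found" >&2; return 127; }
    # Chrome creates the database on first run; create an empty one if absent.
    if [ ! -f "$dir/cert9.db" ]; then
        mkdir -p "$dir" && certutil -d "$db" -N --empty-password || return 1
    fi
    # Already trusted: nothing to do.
    certutil -d "$db" -L | listing_trusts_ca "$nick" && return 0
    # "C,," = trusted CA for TLS server certificates only.
    certutil -d "$db" -A -t "C,," -n "$nick" -i "$ca" || return 1
    certutil -d "$db" -L | listing_trusts_ca "$nick"
}

# Run only when called with arguments, e.g. (hypothetical names):
#   sh trust-ca.sh rootCA.pem "My Private Root CA"
if [ "$#" -ge 2 ]; then import_ca "$1" "$2"; fi
```

Restart Chrome after the import so it re-reads the database. Firefox keeps a separate database in each profile directory, so this does not affect it.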
