Ubuntu – ‘Not a Certification Authority’ while importing self-signed certificate

certificate, google-chrome, ssl, Ubuntu

I've created a self-signed SSL certificate for local development. When accessing the page, I get a NET::ERR_CERT_AUTHORITY_INVALID error. But when I try to import it into Chrome (chrome://settings/certificates), it fails:

The file contained one certificate, which was not imported:

  • mylocalwebapp.dev: Not a Certification Authority

This is the command I've run to create the certificate:

openssl req -new -x509 -nodes \
 -extensions SAN \
 -reqexts SAN  \
 -days 365 \
 -newkey rsa:2048 \
 -keyout /etc/ssl/private/apache-selfsigned.key \
 -out /etc/ssl/certs/apache-selfsigned.crt \
 -config <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:mylocalwebapp.dev'))

I've added the SAN-options because as of version 58, Chrome doesn't accept it without SAN. It worked on Chrome 57 and it still works on Firefox.

How can I get my self-signed certificate working on Chrome 58 on Ubuntu 17.04?

Best Answer

Just to make sure we're covering our bases... Have you tried the processes outlined here? https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate

That used to work for me, but as of this morning, after updating to Chrome 58.0.3029.81, I also get the following error in the console for a self-signed cert that used to work on Ubuntu 16.04:

Certificate Error
There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).

EDIT:

I've just had success with one of the methods from the link I referenced above. It completely goes around Chrome because it seems like something has changed with Chrome and it's not working right anymore.

To dump the cert using OpenSSL client (probably not necessary, but in case you want to be very thorough):

$ echo QUIT | openssl s_client -connect $DOMAIN_TO_FETCH_FROM:443 | sed -ne '/BEGIN CERT/,/END CERT/p' > my-cert

To install the dumped cert using certutil (if you didn't dump your cert with openssl, replace my-cert with whatever filename is appropriate):

$ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n my-cert -i my-cert

Check the installation of the cert with certutil (if you feel so inclined):

$ certutil -d sql:$HOME/.pki/nssdb -L

# Certificate Nickname                                         Trust Attributes
#                                                              SSL,S/MIME,JAR/XPI
#
# my-cert                                                      P,,  

Completely close and restart Chrome, and maybe you will find success. Worked for me on both 58 and 59-beta.
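An added example, not part of the original question or answer: a script that builds two throwaway certificates and checks the two properties this thread turns on, the SAN entry that Chrome 58 requires and the CA basic-constraint flag that the "Not a Certification Authority" import message refers to. It assumes `openssl` is on the PATH; the function names `make_cert`, `cert_has_san` and `cert_is_ca` are hypothetical, and all certificates are constructed in a temporary directory.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway certificates; nothing touches /etc/ssl.

# make_cert DIR HOST [EXTRA]: self-signed cert for HOST with a DNS SAN, plus
# one optional extra line (EXTRA) in the extension section.
make_cert() {
  dir=$1; host=$2; extra=${3:-}
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
$extra
EOF
  openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 \
    -config "$dir/req.cnf" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# cert_has_san CERT HOST: succeeds only if HOST is listed exactly as a DNS SAN.
cert_has_san() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# cert_is_ca CERT: succeeds if the basicConstraints extension says CA:TRUE.
cert_is_ca() {
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Compare a SAN-only cert (same extension set as the question's command)
# with one that also carries the CA flag.
tmp=$(mktemp -d)
mkdir "$tmp/san-only" "$tmp/san-and-ca"
make_cert "$tmp/san-only" mylocalwebapp.dev
make_cert "$tmp/san-and-ca" mylocalwebapp.dev 'basicConstraints = critical,CA:TRUE'
for c in san-only san-and-ca; do
  cert_has_san "$tmp/$c/cert.pem" mylocalwebapp.dev && san=yes || san=no
  cert_is_ca "$tmp/$c/cert.pem" && ca=yes || ca=no
  echo "$c: SAN=$san CA=$ca"
done
```

Running the same two checks against a certificate before importing it shows which of the two conditions it fails.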
