Chrome not trusting self-signed cert

Ryan

2/9/23, 7:46 PM

I have mutual TLS enabled on my nginx reverse proxy. I can view the site only when I have the client cert and custom CA installed in my keychain. This works in Safari and Chrome. However, in Chrome it always says "This cert cannot be trusted" despite having trusted always options selected on both the CA and the client cert. How can I get chrome to trust the cert?

115

0 + 0

ssl

nginx

ssl-certificate

certificate-authority

dave_thompson_085

2/10/23, 1:45 AM

Dupe https://serverfault.com/questions/845766/generating-a-self-signed-cert-with-openssl-that-works-in-chrome-58 https://serverfault.com/questions/880804/can-not-get-rid-of-neterr-cert-common-name-invalid-error-in-chrome-with-self and others e.g. https://security.stackexchange.com/questions/172440/generate-x509-ERR_CERT_COMMON_NAME_INVALID https://stackoverflow.com/questions/61125319/node-js-self-signed-certificate-is-still-showing-as-not-trusted-in-my-browser . Yes, Chrome since 2017 requires SAN.

Score:0

Server

Ryan

2/9/23, 8:40 PM

The subject alt name wasn't defined. When generating the cert, I ran the following:

openssl x509 -req -days 365 -sha256 -in mydomain.com.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out mydomain.com.crt -extfile mydomain.com.ext

where I had:

mydomain.com.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = mydomain.com

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Chrome not trusting self-signed cert

TH: Chrome ไม่เชื่อถือใบรับรองที่ลงนามเอง

RO: Chrome nu are încredere în certificatul autosemnat

RU: Chrome не доверяет самоподписанному сертификату

VI: Chrome không tin tưởng chứng chỉ tự ký

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.