Chrome shows site as "Not Secure" (Cert Invalid), but certificate is correct
I have a self-generated CA, and a generated certificate. The certificate is valid:
» openssl verify -verbose -x509_strict -CAfile rootCA.pem mysite.bundle.crt
mysite.bundle.crt: OK
The root CA is installed in my system (Ubuntu 16.04), and curl is able to validate the cert:
curl https://mysite
No complains here.
I can verify the cert chain in the running site, and everything seems ok, including the SAN entries:
» openssl s_client -showcerts -servername mysite -connect mysite:443 </dev/null 2> /dev/null | openssl x509 -noout -text | grep DNS:
DNS:mysite
But Chrome still complains. What could be the reason?
EDIT
Adding screenshot
Solution 1:
Contrary to curl or s_client neither Chrome nor Firefox use the systems CA store on Ubuntu. They have their own trust store and you need to import the CA certificate into their specific store in order to be treated as trusted. To access the trust store of Chrome use chrome://settings/certificates
.