Remove SSL warning with internal websites

I am using a signed SSL certificate generated by our internal CA. I have added subject alternative names so that myserver.example.net and myserver are both valid for the site. This works correctly in both Firefox and IE, but in Chrome users are still getting a warning message when they use the short name myserver.

My question is, Is there any way for users to use myserver without getting the SSL warning in Chrome?

Solution 1:

If you are using an internal (or non-custom) CA ,you have also the responsibility to distribute your CA-certificate to the applications in your organisation.
Some applications pick the certificate from a system wide configuration (e.g. /etc/ssl/certs below ubuntu). Other like Firefox, Chromium use an own (per application) configuration.

If it works for IE and Firefox, this task seems to be already done for some applications.

For chromium (below linux) you can do this with the following (bash) code fragment:

certificateFile="/etc/MY_CA.cert.pem"
certificateName="Snakeoil Ltd."
if test -d ~/.pki
then
  echo "install '${certificateName}' in for chromium in ~/.pki"
  certutil -A \
     -n "${certificateName}" \
     -t "TCu,Cuw,Tuw" \
     -i ${certificateFile} \
     -d sql:${HOME}/.pki/nssdb
 else
   echo "no user configuration for chromium found"
 fi

Some other useful hints for this task are covered here: http://www.computer42.org/xwiki-static/exported/DevNotes/xwiki.DevNotes.OpenSSL.html