0

My system is Linux Mint 19.1, Chromium browser.

Having hard time with that red information bar at browser address. I have a web server that has my certificate and a key. The certificate pair generated like so:

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout my_file.key -out my_file.crt \
      -subj /CN=AMAZON_ADDRESS.compute.amazonaws.com\
      -addext subjectAltName=DNS:AMAZON_ADDRESS.amazonaws.com,IP:xxx.xxx.xxx.xxx

The Chromium browser connects to my https address but still rejects the certificate with:

This server could not prove that it is 18.220.1.136; 
its security certificate is not trusted by your computer's operating system.

I have tried numerous suggestions found on the internet and SO sites.

1) Add the certificate to NSS DB, as found here: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux_cert_management.md

certutil -d sql:/home/MYLAP/.pki/nssdb/ -A -t "P,," -n xxx.xxx.xxx.xxx -i my_file.crt

2) Import the certificate with Chromium menu.

3) Add the certificate to my OS trusted certificates by putting it in /usr/share/ca-certificates directory and running update-ca-certificates

The above actions still get me to Chromium browser warning. My question is, how to properly generate certificate pair and add it to the browser trust chain?

user14063792468
  • 131
  • 1
    Possible duplicate of https://superuser.com/questions/1296596/how-can-i-get-chrome-accepting-self-signed-certificates? Did you restart Chromium? – garethTheRed Jul 17 '19 at 09:33
  • Somehow related, yes. But as I have mentioned is the question, I did all the steps and it not helped. Also the question you mentioned dates to 2018. Please read the question carefully before posting a duplicate. And yes I did restart Chromium and the OS. – user14063792468 Jul 17 '19 at 10:45
  • Did you set Trust this certificate for identifying websites in the certificate's settings? – mat Jul 25 '19 at 08:53
  • @mat please tell me how to add this option. Is this OpenSSL setting for certificate generation? – user14063792468 Jul 26 '19 at 12:49
  • No, its a browser setting. For every certificate in your browser's trust store you set trust settings which specify what the certificacte should be used for. – mat Jul 26 '19 at 12:50
  • @mat Can you point me how to do it? My attempts did not work. – user14063792468 Jul 26 '19 at 17:51
  • @mat I used browser import certificate feature. The certificate was added but the warning still shows up. – user14063792468 Jul 26 '19 at 18:14
  • In Chromium: Open Settings -> Manage Certificates. Search for the certificate authority that makes problems and click Edit. In that window you can set the Trust settings where you activate the checkbox for identifying webseites – mat Aug 06 '19 at 09:15
  • @mat I've tried the Chtomium settings way earlier. Still does not work. I wrote that in my answer. – user14063792468 Aug 11 '19 at 12:11

0 Answers0