Chrome and update-ca-trust

ptselios · March 25, 2020, 11:49am

Hello,
I have created my own CA and intermediate CA (for lab purposes).
I have installed the Root CA in my Fedora 30

But, although the rootCA is shown in the out put of the trust command, Chrome insists that it cannot trust the page!
I receive the NET::ERR_CERT_AUTHORITY_INVALID error message.

When I examine the certificate, from the page, (by clicking on the “Not Secure” message, I see the error:

“Certificate (Invalid)”

Obviously, I can add the root CA certificate in the list of trusted certificates, but I thought that by running the update-ca-trust will do the trick for me.

vits95 · March 26, 2020, 12:57pm

Why not Chromium instead of proprietary Chrome? Anyway, can’t help in this… Good luck.

jonathans · March 26, 2020, 7:46pm

Hi ptselios

I’d be pretty sure that Chrome maintains its own certificates and doesn’t use those from the underlying operating system.

That’s certainly the case for Firefox - https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/

Topic		Replies	Views
Firefox security error code Ask Fedora f31 , firefox	2	1371	November 12, 2019
Problem with firefox and easy-rsa root certificate not working Ask Fedora firefox , server , easy-rsa	6	166	August 20, 2024
Why CORS request failing only in Firefox on Fedora? Ask Fedora workstation	0	212	July 12, 2023
Make firefox (flatpak) trust a certificate that fedora trusts Ask Fedora flatpak , ca-certificate , firefox , desktop , silverblue	2	2074	December 26, 2020
Recommended way of adding CA Certificates? Project Discussion coreos-wg	4	6608	March 4, 2020

Chrome and update-ca-trust

Related topics