Chrome and update-ca-trust

ptselios · March 25, 2020, 11:49am

Hello,
I have created my own CA and intermediate CA (for lab purposes).
I have installed the Root CA in my Fedora 30

But, although the rootCA is shown in the out put of the trust command, Chrome insists that it cannot trust the page!
I receive the NET::ERR_CERT_AUTHORITY_INVALID error message.

When I examine the certificate, from the page, (by clicking on the “Not Secure” message, I see the error:

“Certificate (Invalid)”

Obviously, I can add the root CA certificate in the list of trusted certificates, but I thought that by running the update-ca-trust will do the trick for me.

vits95 · March 26, 2020, 12:57pm

Why not Chromium instead of proprietary Chrome? Anyway, can’t help in this… Good luck.

jonathans · March 26, 2020, 7:46pm

Hi ptselios

I’d be pretty sure that Chrome maintains its own certificates and doesn’t use those from the underlying operating system.

That’s certainly the case for Firefox - https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/