in the devtools console it's full of errors dreampath-gof001.jpg:1 Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID the images point to existing files but on a server with bad certificate. http://cdn-blog-assets.bigfishsites.com/Walkthroughs/Dreampath-Guardian-of-the-Forest/dreampath-gof001.jpg you have to edit that site https://www.bigfishgames.com settings (click on the lock icon, site settings, insecure content: allow) and then reload

Hey Gwen, ich habe mir das Cert noch mal vorgenommen und exakt so gechained - es hat funktioniert, und die Fehlermeldung ist ebenfalls verschwunden! @Gwen-Dragon said in SSL Handshake Error (CERT_PKIXVerifyCert Bug 2013): Wenn dessen CA aber nicht von Chromium/Google anerkannt ist, wird es schwierig. Wird es aber, wenn ihre Produkte das Zertifikat anerkennen? Oder ist Google/Chromium da einfach laxer im Umgang mit den Checks? Vielen Dank für die Hilfe und die unglaublich schnelle Aufklärung 🙂

A mod still exist considering is a wontfix 🙂

@Gwen-Dragon its working now, the browser accepts saving a login-password again 0_1550216127584_4cee789d-01bd-432f-98b0-251feb422898-image.png the last thing about the obsolete cipher suite will hopefully be away, when the server was migrated from Server2008R2 to Server2016; unfortunately Server2008R2/IIS has no support für SHA-2 but it's green in the browser and working

@hstoellinger a further requirement is not met when called via (that) command line: Certificates must have correct SubjectAltName fields, using CN (CommonName) for host matching was disabled more than a year ago. Suggestion: Use an openssl config file to consistently create (renewable) certificates. It comes in handy the 3rd time you will have to fiddle with options until you get them right.

@Gwen-Dragon I installed like described the nss-tools from openSUSE tumbleweed repository via: sudo zypper in mozilla-nss-tools Afterwords I installed the certificate, downloaded from FritzBox router: certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n fritz.box -i ~/Downloads/boxcert.crt And the verification shows me, that it was well installed: certutil -d sql:$HOME/.pki/nssdb -L I think now someone else can do it easier 😉 Update - after an restart, vivaldi shows a green locker symbol.

Thanks! 🙂 You probably already know about these chromium command line switches (many/most of which may work with Vivaldi), but I thought I'd just mention them in case other readers don't.