FIXED. Replying to my post. It was a browser settings problem. I fixed this way:- In Windows ... Go to Control Panel Select Internet Options Select the tab, "Advanced" Scroll down to "Security" Tick in boxes for:- Use SSL 2.0 Use SSL 3.0 Use TLS 1.0 Use TLS 1.1 Use TLS 1.2 The update from Vivaldi was applied and is working .

in the devtools console it's full of errors dreampath-gof001.jpg:1 Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID the images point to existing files but on a server with bad certificate. http://cdn-blog-assets.bigfishsites.com/Walkthroughs/Dreampath-Guardian-of-the-Forest/dreampath-gof001.jpg you have to edit that site https://www.bigfishgames.com settings (click on the lock icon, site settings, insecure content: allow) and then reload

Hey Gwen, ich habe mir das Cert noch mal vorgenommen und exakt so gechained - es hat funktioniert, und die Fehlermeldung ist ebenfalls verschwunden! @Gwen-Dragon said in SSL Handshake Error (CERT_PKIXVerifyCert Bug 2013): Wenn dessen CA aber nicht von Chromium/Google anerkannt ist, wird es schwierig. Wird es aber, wenn ihre Produkte das Zertifikat anerkennen? Oder ist Google/Chromium da einfach laxer im Umgang mit den Checks? Vielen Dank für die Hilfe und die unglaublich schnelle Aufklärung 🙂

Despite of several Loud Throats here I completely agree with the subj and with thouse who named present state as "security theater", as with who pointed that Google isn't Idol in the UI. If the fact of this EV presence is such important just move detailed info into tooltip or "Site info" popup and use a different padlock icon with a big fat checkmark over it.

@Gwen-Dragon its working now, the browser accepts saving a login-password again 0_1550216127584_4cee789d-01bd-432f-98b0-251feb422898-image.png the last thing about the obsolete cipher suite will hopefully be away, when the server was migrated from Server2008R2 to Server2016; unfortunately Server2008R2/IIS has no support für SHA-2 but it's green in the browser and working

@hstoellinger a further requirement is not met when called via (that) command line: Certificates must have correct SubjectAltName fields, using CN (CommonName) for host matching was disabled more than a year ago. Suggestion: Use an openssl config file to consistently create (renewable) certificates. It comes in handy the 3rd time you will have to fiddle with options until you get them right.

@Gwen-Dragon I installed like described the nss-tools from openSUSE tumbleweed repository via: sudo zypper in mozilla-nss-tools Afterwords I installed the certificate, downloaded from FritzBox router: certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n fritz.box -i ~/Downloads/boxcert.crt And the verification shows me, that it was well installed: certutil -d sql:$HOME/.pki/nssdb -L I think now someone else can do it easier 😉 Update - after an restart, vivaldi shows a green locker symbol.

Thanks! 🙂 You probably already know about these chromium command line switches (many/most of which may work with Vivaldi), but I thought I'd just mention them in case other readers don't.