NET::ERR_CERT_AUTHORITY_INVALID with selfcreated certificate
-
Hello,
I am testing the conversersion from http to https on my local test system (client: laptop Mint 19, LAN-connected server Debian 9) I think I performed the necessary definitions (Apache2, .htaccess). I also created a certificate through the commandopenssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key
Now, when I try https://server/page... I get the above message. What can I do about it?
Regards
H. Stoellinger -
@gwen-dragon I had to use different trust flags for this to work.
@hstoellinger You can modify trust flags:
certutil -d sql:$HOME/.pki/nssdb -M -t <flags> -n "<CommonName>"
I had to supply-t P
instead of-t TC
for peer certificates.Peer entries are listed in server section at
vivaldi://settings/certificates
.
Using import on that page does not set the correct trust flags! -
@hstoellinger a further requirement is not met when called via (that) command line:
Certificates must have correctSubjectAltName
fields, usingCN
(CommonName) for host matching was disabled more than a year ago.Suggestion:
Use an openssl config file to consistently create (renewable) certificates.
It comes in handy the 3rd time you will have to fiddle with options until you get them right. -
Ppafflick moved this topic from Vivaldi for Linux on