2

I have set up my own Root CA and Intermediate CAs for my local sites (virtual sites). I also have installed them to trusted certificates in my computer and also the intermediate CAs on their own folder in the cert market of my computer.

However, when I open my website in a browser it finds my certificate invalid. What could be the fix to this? Please consider pictures below.

I use Yandex Browser (almost the same as Chrome Browser)

enter image description here

1 Answers1

1

I ran into the same situation today: self-signed CA (registered as trustworthy CA) and server certificate signed by that CA.

  • Firefox and Edge accepted the certificate
  • Java accepted it as well (JAX-RS request with CA in truststore)
  • but Chrome rejected it with ERR_CERT_INVALID.

The CA and server certificate both used EC-256 key material.

When I recreated the CA and server certificate, using RSA-2048 keys instead of Elliptic Curves, the certificate chain was accepted by Chrome.

Seems to be an ECC issue with Chrome and other Chrome based user agents (such as Postman, which also wouldn't connect when using ECC keys).

Peter Walser
  • 1,781
  • 2
  • 11
  • 9