Force trust of a cert signed by distrusted CA? (google chrome)

0

My server cert has been signed by "StartCom Class 1 DV Server CA", and that is a CA that is now generally distrusted. However, I'm only using my server privately and I don't really want to re-setup my certs for that.

Is there any way to force Google Chrome to trust my cert? I tried importing the pem file containing it, Chrome says all okay, but nothing appears in Chrome's cert manager. Also tried .der and .p7b with password, and Chrome doesn't even ask for the password... Am I assuming correctly that Chrome simply refuses to trust/import certs issued by distrusted CAs and that I cannot circumvent that in any way?

user1050755

Posted 2017-04-21T08:19:57.347

Reputation: 103

This is not so much a security question as a Chrome config question. – schroeder – 2017-04-21T08:28:52.860

From what I know, Chrome uses the Windows Certificate store. So you should have the same problem with IE/Edge if it's a general problem. If it's not ... yes, it's Chrome. – Seth – 2017-04-21T10:48:19.497

Answers

1

As already mentioned by Seth, Chrome uses the Windows cert store. Chrome does not offer an option to import certificates (you can't even view them easily in the current version), so you need to fire up Internet Explorer and import it from there. (https://www.poweradmin.com/help/sslhints/ie.aspx)

By the way: I faced the same issue as you did with StartCom certs. It only took me a few minutes to swap to Let's Encrypt certificates with Certbot (https://certbot.eff.org/).

adiuva

Posted 2017-04-21T08:19:57.347

Reputation: 128

yeah did that too now – user1050755 – 2017-04-29T21:53:20.577