Your certificate has multiple copies of various extensions, some of then even having different values. Here's what GnuTLS certtool -i
has to say about it:
$ certtool -i < SU1482305.crt
X.509 Certificate Information:
Version: 3
Serial Number (hex): 11e2438da11b3338655874e3a4104cfaabc410e0
Issuer: CN=ACA ECC ROOT G1,OU=alternativeca.us/ca/ecc/g1,O=AlternativeCA inc.,L=Phoenix,ST=Arizona,C=US
Validity:
Not Before: Fri Sep 13 10:54:33 UTC 2019
Not After: Fri Jul 14 10:54:33 UTC 2023
Subject: CN=seeklay.icu,O=Internet Widgits Pty Ltd,ST=Some-State,C=US
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
8d
Exponent (bits 24):
Extensions:
Authority Key Identifier (not critical):
directoryName: CN=seeklay.icu,O=Internet Widgits Pty Ltd,ST=Some-State,C=US
serial: 13fec21b5f7198cdb35f95b455263b92078b3b24
Basic Constraints (not critical):
Certificate Authority (CA): FALSE
Key Usage (not critical):
Digital signature.
Non repudiation.
Key encipherment.
Data encipherment.
Subject Alternative Name (not critical):
DNSname: tls.seeklay.icu
DNSname: seeklay.icu
warning: more than one AKI extension
Authority Key Identifier (not critical):
directoryName: CN=ACA ECC ROOT G1,OU=alternativeca.us/ca/ecc/g1,O=AlternativeCA inc.,L=Phoenix,ST=Arizona,C=US
serial: 5810507f10d39ff8bce24d6258e133e38a56c757
warning: more than one basic constraint
Basic Constraints (not critical):
Certificate Authority (CA): FALSE
warning: more than one key usage extension
Key Usage (not critical):
Digital signature.
Non repudiation.
Key encipherment.
Data encipherment.
warning: more than one SKI extension
Subject Alternative Name (not critical):
DNSname: tls.seeklay.icu
DNSname: seeklay.icu
Signature Algorithm: RSA-SHA256
As you can see, all extensions are duplicated and the Authority Key Identifier even references two different CA certs.
Chrome shows what's causing the error, the Certificate Authority (
– JW0914 – 2019-09-13T12:59:21.003NET::ERR_CERT_AUTHORITY_INVALID
). See Google's resultsif you trigger a warning, another appears that there is no SAN – SeekLay – 2019-09-13T13:03:15.187