1

I created a self signed certificate using makecert in Microsoft's SDK. The certificate name is the same as the server and I have added it to the Trusted Root Certificate store on the client. When I look at the certificate in Chrome, it shows as ok. But when I attempt to access the site, I receive the error:

You attempted to reach [website name], but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

How can I get around this issue and force my operating system to trust this certificate?

Barry Tormey
  • 2,966
  • 4
  • 35
  • 55
  • does chrome even use the OS certificate store? – Marc B Jul 17 '14 at 18:11
  • @MarcB It looks like it... – Barry Tormey Jul 17 '14 at 18:25
  • My guess based on the info you provided is that you haven't actually signed your server cert with a trusted CA key. You need to create a CA certificate and install it into your client key store as a trusted CA. Then you need to create a server certificate. Then you need to *sign* your server certificate with your CA key. Then you need to install that *signed* certificate into your server. Maybe this will help you figure it out: http://stackoverflow.com/questions/496658/using-makecert-for-development-ssl – indiv Jul 19 '14 at 02:10

1 Answers1

1

the first thing to do is to test using Internet Explorer. If it doesn't work there, then something is wrong with the cert or the installation.

If it does work in I.E., then you've likely used the unqualified server hostname in the cert, and Chrome specifically does not like that. So, if you've set the common name to something like ServerName, you need to create a new cert with a fully-qualified name (such as ServerName.com) and then use that host name to access the site instead.

Xander
  • 479
  • 1
  • 13
  • 25