0

The following steps are done, but as you can see the following error appears:

```
openssl genrsa -out privkey.pem 2048

openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:City: Roubaix
Locality Name (eg, city) []:NICE
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Our team name
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []: mobileapp.ourdomain.com
Email Address []:My email
```


RSA
  • 1
    You are using a self-signed certificate; you need a valid cert to avoid Chrome showing that error. If you need a basic web server with valid certificates and only host static content, check this [www](https://go-www.com) – nbari Sep 25 '17 at 11:48
  • 1
    ***`CN=mobileapp.ourdomain.com`*** is probably wrong. Hostnames always go in the *SAN*. If it's present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) You will also need to place the self-signed certificate in the appropriate trust store. – jww Sep 25 '17 at 21:12
  • Hi @jww, self-signed certificates are not allowed anymore. – RSA Sep 26 '17 at 05:06
  • 1
    @jww I think the FQDN is correct. As others said, Chrome does not support or trust self-signed certificates. This is not a duplicate question. – Parsaria Sep 26 '17 at 05:14
  • 1
    @Parsaria - The hostname is probably OK. The first problem to be solved is the location of the name. OpenSSL only puts the hostname in the CN; it does not put the hostname in the SAN. As far as I know, all browsers except Android Browser support self-signed end-entity certificates. But before the trust issue is solved, the certificate needs to be well formed. – jww Sep 26 '17 at 05:31
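
The point raised in the comments about the hostname having to appear in the SAN, as an added example that is not part of the original question or comments: it creates one certificate with the name only in the CN (like the question's) and one that also lists it in the SAN, then checks each. It assumes OpenSSL 1.1.1 or newer for `-addext`; the function names and file names are made up for the illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Requires OpenSSL 1.1.1+ for -addext.
# Function and file names are hypothetical.
HOST="mobileapp.ourdomain.com"   # hostname from the question

# make_cert DIR NAME HOST [extra openssl args]: non-interactive self-signed cert.
make_cert() {
  dir=$1; name=$2; host=$3; shift 3
  openssl req -x509 -newkey rsa:2048 -nodes -days 1095 \
    -subj "/C=FR/O=Our team name/OU=IT/CN=$host" "$@" \
    -keyout "$dir/$name-key.pem" -out "$dir/$name-cert.pem" 2>/dev/null
}

# san_has_dns CERT HOST: exit 0 only if the SAN extension lists DNS:HOST.
san_has_dns() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# check CERT HOST: prints the verdict and returns it as the exit status.
check() {
  if san_has_dns "$1" "$2"; then
    echo "OK       $1: SAN lists DNS:$2"
  else
    echo "MISSING  $1: no SAN entry for $2 (name is in CN only or absent)"
    return 1
  fi
}

demo() {
  tmp=$(mktemp -d) || return 1
  # Same shape as the question's certificate: hostname in the CN only.
  make_cert "$tmp" cn-only "$HOST"
  # Hostname listed twice: once in the CN and once in the SAN.
  make_cert "$tmp" with-san "$HOST" -addext "subjectAltName=DNS:$HOST"
  check "$tmp/cn-only-cert.pem" "$HOST" || true
  check "$tmp/with-san-cert.pem" "$HOST"
  rm -rf "$tmp"
}
demo
```

A certificate that passes this check still has to be placed in the client's trust store before a browser accepts it, as the comment above says.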

1 Answer

5

A self-signed certificate is not trusted by browsers. You have to provide a real certificate which is signed by a Certificate Authority.

One great solution is Let's Encrypt. It's free, open and their certificates are trusted by almost all modern browsers.

Moema