I am serving web pages inside LAN with my own certificate, signed by my own CA. Chrome warns connection is not trusted with the following details:

I am trying to add inthemoon-ca to Trusted Root Certification Authorities by various ways and the process goes well, but has no final effect on web page: it is still reported as untrusted.

How to fix?


Chrome Version is 51.0.2704.103 m (64-bit)

    Are you adding it to the user's certificate store or the machine's certificate store? You have also added the website's certificate to the store? You don't inidcate what operating system you are using. Considering editing your question to include that information. You don't indicate what version of Chrome you are using. Chrome uses the operating system's certificate store. You also don't provide any significant details on how you added it to the certicicate store, you mention you tried "various methods" but there really isn't multiple methods.
    – Ramhound
    Commented Aug 9, 2016 at 16:36
    Chrome has special GUI to manage certificates, which work similarly on different platforms (tried Linux and Windows). Various methods I tried: (1) adding certificate file, created originally (2) adding certificate file, obtained from shown window. And (A) adding to "root" section and (B) adding to other sections. I would like not to add website certificate, I would like to use CA.
    – Dims
    Commented Aug 9, 2016 at 21:14
  • in order to trust a self-signed certificate you have to add the website's certificate and the self-signed CA which signed the website's certificate. Chrome uses the system's certificate store.
    – Ramhound
    Commented Aug 9, 2016 at 21:17
  • This contradicts the principle of certificates hierarchy. The purpose of hierarchy is namely to avoid adding all children certificates. If you trust parent certificate, then you trust child one. Anyway Chrome shows explicit red icon near inthemoon-ca certificate and explicitly says it is not in trusted root.
    – Dims
    Commented Aug 9, 2016 at 21:23
  • nebula3 is signed by whom?
    – Ramhound
    Commented Aug 9, 2016 at 21:38

certificate need to contain Subject Alternativ Name

I had a similar issue with our internal websites. I have certificate of my certification authority in computer root trusted store without no result. The main problem was in the little detail, my certificate doesnt contain section: Subject Alternativ Name. Google Chrome showing that error itself ["F12" ">>" "security"].

    +1 for F12 >> Security, hadn't thought to look there.
    – Jim W
    Commented Jan 24, 2018 at 19:18
  • The solution I found was to switch browsers, Firefox allows self signed certificates while chrome specifically disallows. Delete Google Chrome, problem is solved. Commented Sep 24, 2018 at 20:25

Two things:

  1. You need to set the certificate as trusted within Windows's certificate store. Judging by your screen shot I'm assuming you're running Windows 8.

    Windows Server https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx

    Windows 8 (run certmgr.msc or certlm.msc and add the cert) Why is the local certificate store missing in Windows 8.1?

  2. You need to restart Chrome. This is from my experience.


SSL can be added through various method, (download, deploy and etc.) At first you can check the certificate is already existed on pc that want to open page using chrome.

But As I know Google Chrome browser is based on global provider validation not local. it means global certficate and valid purchased SSL-Signed is required due to it. In fact this is not show Green at the first of url bar even you produce SSL signature to open site until it doesn't validate a purchase and global one.

So iF you mean "Not Showing Green", This can cause you can't trust it. but the other browsers doesn't obey such hard policy and validation method. Otherwise chrome works like as other browser with local ssl signiture by adding Exception or "I Agree" after clicking advance button when the page showed.

    "But As I know Google Chrome browser is based on global provider validation not local." - This isn't true.
    – Ramhound
    Commented Aug 9, 2016 at 21:06
  • Well, So I coudn't see the green mark for ssl verfication in chrome without purchase one. if you knew any site that have local ssl and chrome also shows green in top left of url, so please let me know through an example one.
    – Ali Fanaei
    Commented Aug 10, 2016 at 16:15
  • Well I actually had this working locally with chrome but it's not working anymore. I used my own SSL certificate that I generated using open SSL. I had to do this in a docker container due to a bug in the Windows version when creating a pfx Commented Aug 22, 2018 at 9:15

