0

I receive in Chrome the error NET::ERR_CERT_AUTHORITY_INVALID even though I imported the company's Root CA into Chrome's trust store (via settings > certificates > authorities). I imported the certificate on Firefox as well and there it works fine. I even imported the certificate in the system's trust store, but I figured out that browsers use their own. I'm using Google Chrome v88.

On Windows I do not encounter this problem in Chrome.

Improve this question
4
  • 1
    Perhaps the Chrome versions are different? Chrome's handling of certificates evolves from version to version. For a better answer I would need to examine the certificate.
    – harrymc
    Commented Mar 8, 2021 at 10:37
  • Is the website's certificate issued directly by the root CA, or is an intermediate CA being used? (Just as with public CAs, there's always an opportunity for webserver admins to misconfigure the chain, and Firefox hides the problem via intermediate caching...)
    – grawity_u1686
    Commented Mar 8, 2021 at 11:49
  • An intermediate CA is being used.
    – Alv123
    Commented Mar 8, 2021 at 13:08
  • @user1686 This was the missing hint. I checked in the firefox and saw that the intermediate CA is imported as CA as well, and indeed it was. I did the same for Chrome and now it doesn't throw the error. Thx!
    – Alv123
    Commented Mar 8, 2021 at 13:27

1 Answer 1

Reset to default
2

Credit goes to user1686's hint about the intermediate CA. I needed to import this as well as trusted CA. Now Chrome does not complain anymore!

Improve this answer
1
  • 2
    You should not have to manually trust an intermediate CA. You trust only the root. Then, the webserver should be configured to serve a certificate chain including the end-entity cert and the intermediate issuing CA(s). Alternatively, the client may be able to locate the intermediate itself if the end-entity cert has its URL listed in the AIA.
    – Jonathon Reinhart
    Commented Jul 26, 2022 at 5:27

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .