1

I've generated a root CA certificate and key on my fedora system, using the following command:

openssl req -new -x509 -extensions v3_ca -keyout \
/etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 365

I have then generated a self signed certificate and signed it with the above for use by Apache. I would now like to trust the CA on my system, but have been unable to do so.

I've tried copying cacert.pem to /etc/pki/ca-trust/source/anchors and running /bin/update-ca-trust which has run successfully, but when browsing to the site in chrome it's still untrusted. I can manually import the CA in chrome itself and it works, but I need a system-wide solution. Can anyone help?

guntbert
  • 631
  • 9
  • 21
dcrdev
  • 89
  • 1
  • 1
  • 9
  • In that case yes must have been a misunderstanding - when it came up it just highlighted the file paths in red, so I presumed the proposed edit meant removing those pieces of text, Sorry! – dcrdev Oct 22 '15 at 14:23

1 Answers1

2

I had read somewhere that chrome would default to using the system trust store i.e. /etc/pki/tls/certs but that was not the case. Chrome supports loading certificates from a system wide NSS trust database only.

In other words chrome has it's own database and does not have any awareness of any other trust stores.

dcrdev
  • 89
  • 1
  • 1
  • 9