1

I have created a self-signed certificate on an nginx server on Ubuntu as below:

```
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
```

Converted crt to pem using openssl:

```
openssl x509 -in nginx-selfsigned.crt -out nginx-selfsigned.pem -outform PEM
```

When I import this certificate using keytool on Debian, the import process is successful:

```
sudo keytool -importcert -keystore /certs -storepass changeit -file nginx-selfsigned.pem -alias "some alias"
```

But after that, the certificate isn't trusted. Why isn't the imported certificate trusted?

Any suggestion about this issue would be appreciated.

Jasmine

1 Answer

1

If you want the self-signed certificate to be trusted, it must be in the "Trusted CAs" certificate store on each client that is connecting. Depending on your browser, you should also be able to view the cert and see why it doesn't trust it (e.g. not yet valid, expired, name mismatch, not from trusted CA, etc.).

Cory Knutson
  • I have added the certificate: `sudo cp /etc/nginx/ssl/nginx.crt /usr/local/share/ca-certificates`. But I still have this error from the responding server: `java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain` – Jasmine May 09 '17 at 19:32
  • Is this error when you access the web page, or what are you using this certificate for? – Cory Knutson May 09 '17 at 20:54
  • I'm using this certificate for a web service – Jasmine May 09 '17 at 20:56
  • Where is the error coming from? The web page or trying to install the cert? – Cory Knutson May 09 '17 at 20:57
  • I have imported my web service certificate into the responding server with keytool. – Jasmine May 09 '17 at 21:16
  • So where is the error `java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain` coming from? – Cory Knutson May 09 '17 at 21:19
  • This error is on the responding server. There are 2 servers. The responding server sends a POST request to my web service. – Jasmine May 09 '17 at 21:21
  • The responding server doesn't trust my web service certificate. – Jasmine May 09 '17 at 21:25
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/58481/discussion-between-cory-knutson-and-phpexe). – Cory Knutson May 09 '17 at 21:31
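
The rejection reasons listed in the answer, and whether a given keystore really holds the certificate, can be checked from the shell. This is an added example, not part of the original thread: the function names are hypothetical, and `in_keystore` assumes you pass it the keystore file the client JVM actually loads.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Print the SHA-256 fingerprint (colon-separated hex) of a PEM certificate.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# cert_problems CERT HOST: print one keyword per reason a client may reject CERT.
cert_problems() {
  # -checkend 0 exits non-zero once notAfter has passed.
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || echo "expired"
  # -checkhost reports "does match" or "does NOT match" for the given name.
  openssl x509 -in "$1" -checkhost "$2" 2>/dev/null | grep -q "does match" \
    || echo "name-mismatch"
  # Subject equal to issuer: no CA vouches for this certificate, so every
  # client has to import this exact certificate as trusted.
  if [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
       "$(openssl x509 -in "$1" -noout -issuer_hash)" ]; then
    echo "self-signed"
  fi
  return 0
}

# in_keystore CERT KEYSTORE STOREPASS: succeed only if KEYSTORE holds CERT.
# Assumption: KEYSTORE is the file the client JVM reads; importing into a
# keystore that the JVM never loads changes nothing.
in_keystore() {
  fp=$(cert_fingerprint "$1")
  [ -n "$fp" ] || return 1
  keytool -list -v -keystore "$2" -storepass "$3" 2>/dev/null | grep -qF "$fp"
}

# Usage: sh check.sh CERT HOST [KEYSTORE STOREPASS]
if [ "$#" -ge 2 ]; then
  cert_problems "$1" "$2"
  if [ "$#" -ge 4 ]; then
    in_keystore "$1" "$3" "$4" || echo "not-in-keystore"
  fi
fi
```

Run it on the client side with the host name the client connects to; a `not-in-keystore` result means the import went into a different file than the one being checked.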