Chrome OSX SSL This certificate has an invalid issuer

About

Asked 16/5, 2017 at 13:56 Answered 28/8, 2017 at 7:29

I am getting an 'invalid issuer' error when trying to access a local site. As can be seen in the screenshot, the root CA certificate has been imported and trusted. So, why do I still get this error?

The certificate works correctly in Firefox after importing the CA cert.

Carilyn answered 16/5, 2017 at 13:56 Comment(1)

We have exactly the same problem: Generated our own root certificate and installed fine as trusted on Windows (Chrome/Firefox) and Mac (Firefox only). In Mac/Chrome we get the same error "This certificate has an invalid issuer" even though the root certificate is marked as trusted in the System key chain. – Feoff 25/8, 2017 at 15:55

Mac OS does not support Name Constraints. Removing this property from the root certificate solved this issue in our case. For background see: https://security.stackexchange.com/questions/95600/are-x-509-nameconstraints-on-certificates-supported-on-os-x

(You don't appear to be using this property according to the screenshots, but I'm still posting this as it might be a valid solution for others)

Feoff answered 28/8, 2017 at 7:29 Comment(1)

Note: marking the Name Constraints as not "critical" also solved this problem. (But you should determine yourself if this is smart: security.stackexchange.com/a/30978/39516) – Feoff 28/8, 2017 at 7:59

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags