How to create your own ssl certificate and make chrome trust it?

L

Lev K2017-07-17 12:52:27

Nginx

Lev K, 2017-07-17 12:52:27

Hello.
You need to raise ssl for tests on your machine.
Everything seems to work out and nginx ate the generated ssl in this way:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx.crt

As a result, I get 2 files, in the nginx config I write them to the appropriate directives.
So it worked: https://mysite.dev
But nginx.crt cannot be added to chrome, it rejects that there is no private key.
Generated .p12 key for chrome like this:

openssl pkcs12 -export -out  nginx.p12 -in nginx.crt -inkey nginx.key

Chrome ate it asking for a password, but it's marked as invalid and when I go to the site a warning is displayed that the site is not trusted (I think you understand what I mean), I would like to get rid of it and start trusting my key. Can you tell me where I took a wrong turn?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Andrey Nikolaev, 2017-07-17
@gromdron

You can trust the key by going to https://mysite.dev and adding it to trusted (If you open the site via https and chrome does not issue warnings, then the certificate is trusted). However, chrome will mark it in red - since you gave it to yourself.

C

CityCat4, 2017-07-17
@CityCat4

You are adding it to the wrong repository. You need to add it to the "Trusted Root Centers" - you are your own CA.

V

Viktor Taran, 2017-07-17
@shambler81

Everything is just a self-signed certificate will never be trusted. Well, you signed it yourself;) gygy
This is how you should do it
https://habrahabr.ru/post/318952/

S

slk, 2019-07-24
@slk

Chrome can be taught to ignore certificate errors, at least for serviceWorker development
https://www.chromium.org/blink/serviceworker/servi...