Re: Self signed cert issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 15-Sep-2017 06:24, Richard Olsen wrote:
> When i click on advanced i see
> 
> "host.local.com uses and invalid security certificate. The certificate is
> not trusted because the issuer certificate is unknown. The server might not
> be sending the appropriate intermediate certficates. An addistional root
> certificate may need to be imported.

This is what you should expect to see.  Your browser is telling you that
your self-signed server certificate isn't part of a chain, where the top
of the chain is some CA that the browser trusts (because the top-level
CA is in a configuration file somewhere).

You may be able to import the self-signed server certificate into the
browser as a trusted root, but the slightly-better option is to set up
your own top-level CA (whose certificate you import into the browser),
and then use that CA to create your server and client certificates.

It's a bit more work, but also more useful if you ever want to issue
certificates for a different server, different client, or issue a new
certificate after one expires (and not have to update all the
self-signed stuff.)

Regards,
-- 
Mersenne Law ·  www.mersenne.com  · +1-503-679-1671
Small Business, Startup & Intellectual Property Law
9600 S.W. Oak Street Suite 500 Tigard, Oregon 97223

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux