I've generated a root CA certificate and key on my fedora system, using the following command:
openssl req -new -x509 -extensions v3_ca -keyout \
/etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 365
I have then generated a self signed certificate and signed it with the above for use by Apache. I would now like to trust the CA on my system, but have been unable to do so.
I've tried copying cacert.pem
to /etc/pki/ca-trust/source/anchors
and running /bin/update-ca-trust
which has run successfully, but when browsing to the site in chrome it's still untrusted. I can manually import the CA in chrome itself and it works, but I need a system-wide solution. Can anyone help?
Best Answer
I had read somewhere that chrome would default to using the system trust store i.e. /etc/pki/tls/certs but that was not the case. Chrome supports loading certificates from a system wide NSS trust database only.
In other words chrome has it's own database and does not have any awareness of any other trust stores.