I have created a self-signed root certificate authority which if I install onto windows, linux, or even using the certificate store in firefox (windows/linux/macosx) will work perfectly with my terminating proxy.
I have installed it into the system keychain and I have set the certificate to always trust.
Within the chrome browser details it says "The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information. Error type: Malformed certificate"
I used this code to create the certificate:
openssl genrsa -des3 -passout pass:***** -out private/server.key 4096
openssl req -batch -passin pass:***** -new -x509 -nodes -sha1 -days 3600 -key private/server.key -out server.crt -config ../openssl.cnf
If the issue is NOT that it is malformed (because it works everywhere else) then what else could it be? Am I installing it incorrectly?
To be clear:
Within the windows/linux OS, all browsers work perfectly. Within mac only firefox works if it uses its internal certificate store and not the keychain. It's the keychain method of importing a certificate that causes the issue. Thus, all browsers using the keychain will not work.
Root CA Cert:
-----BEGIN CERTIFICATE-----
**some base64 stuff**
-----END CERTIFICATE-----
Intermediate CA Cert:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=*****, ST=*******, L=******, O=*******, CN=******/emailAddress=******
Validity
Not Before: May 21 13:57:32 2014 GMT
Not After : Jun 20 13:57:32 2014 GMT
Subject: C=*****, ST=********, O=*******, CN=*******/emailAddress=*******
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (4096 bit)
Modulus (4096 bit):
00:e7:2d:75:38:23:02:8e:b9:8d:2f:33:4c:2a:11:
6d:d4:f8:29:ab:f3:fc:12:00:0f:bb:34:ec:35:ed:
a5:38:10:1e:f3:54:c2:69:ae:3b:22:c0:0d:00:97:
08:da:b9:c9:32:c0:c6:b1:8b:22:7e:53:ea:69:e2:
6d:0f:bd:f5:96:b2:d0:0d:b2:db:07:ba:f1:ce:53:
8a:5e:e0:22:ce:3e:36:ed:51:63:21:e7:45:ad:f9:
4d:9b:8f:7f:33:4c:ed:fc:a6:ac:16:70:f5:96:36:
37:c8:65:47:d1:d3:12:70:3e:8d:2f:fb:9f:94:e0:
c9:5f:d0:8c:30:e0:04:23:38:22:e5:d9:84:15:b8:
31:e7:a7:28:51:b8:7f:01:49:fb:88:e9:6c:93:0e:
63:eb:66:2b:b4:a0:f0:31:33:8b:b4:04:84:1f:9e:
d5:ed:23:cc:bf:9b:8e:be:9a:5c:03:d6:4f:1a:6f:
2d:8f:47:60:6c:89:c5:f0:06:df:ac:cb:26:f8:1a:
48:52:5e:51:a0:47:6a:30:e8:bc:88:8b:fd:bb:6b:
c9:03:db:c2:46:86:c0:c5:a5:45:5b:a9:a3:61:35:
37:e9:fc:a1:7b:ae:71:3a:5c:9c:52:84:dd:b2:86:
b3:2e:2e:7a:5b:e1:40:34:4a:46:f0:f8:43:26:58:
30:87:f9:c6:c9:bc:b4:73:8b:fc:08:13:33:cc:d0:
b7:8a:31:e9:38:a3:a9:cc:01:e2:d4:c2:a5:c1:55:
52:72:52:2b:06:a3:36:30:0c:5c:29:1a:dd:14:93:
2b:9d:bf:ac:c1:2d:cd:3f:89:1f:bc:ad:a4:f2:bd:
81:77:a9:f4:f0:b9:50:9e:fb:f5:da:ee:4e:b7:66:
e5:ab:d1:00:74:29:6f:01:28:32:ea:7d:3f:b3:d7:
97:f2:60:63:41:0f:30:6a:aa:74:f4:63:4f:26:7b:
71:ed:57:f1:d4:99:72:61:f4:69:ad:31:82:76:67:
21:e1:32:2f:e8:46:d3:28:61:b1:10:df:4c:02:e5:
d3:cc:22:30:a4:bb:81:10:dc:7d:49:94:b2:02:2d:
96:7f:e5:61:fa:6b:bd:22:21:55:97:82:18:4e:b5:
a0:67:2b:57:93:1c:ef:e5:d2:fb:52:79:95:13:11:
20:06:8c:fb:e7:0b:fd:96:08:eb:17:e6:5b:b5:a0:
8d:dd:22:63:99:af:ad:ce:8c:76:14:9a:31:55:d7:
95:ea:ff:10:6f:7c:9c:21:00:5e:be:df:b0:87:75:
5d:a6:87:ca:18:94:e7:6a:15:fe:27:dd:28:5e:c0:
ad:d2:91:d3:2d:8e:c3:c0:9f:fb:ff:c0:36:7e:e2:
d7:bc:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost, DNS:dropbox.com, DNS:*.dropbox.com, DNS:filedropper.com, DNS:*.filedropper.com
X509v3 Subject Key Identifier:
F3:E5:38:5B:3C:AF:1C:73:C1:4C:7D:8B:C8:A1:03:82:65:0D:FF:45
X509v3 Authority Key Identifier:
keyid:2B:37:39:7B:9F:45:14:FE:F8:BC:CA:E0:6E:B4:5F:D6:1A:2B:D7:B0
DirName:/C=****/ST=******/L=*******/O=*******/CN=******/emailAddress=*******
serial:EE:8C:A3:B4:40:90:B0:62
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
46:2a:2c:e0:66:e3:fa:c6:80:b6:81:e7:db:c3:29:ab:e7:1c:
f0:d9:a0:b7:a9:57:8c:81:3e:30:8f:7d:ef:f7:ed:3c:5f:1e:
a5:f6:ae:09:ab:5e:63:b4:f6:d6:b6:ac:1c:a0:ec:10:19:ce:
dd:5a:62:06:b4:88:5a:57:26:81:8e:38:b9:0f:26:cd:d9:36:
83:52:ec:df:f4:63:ce:a1:ba:d4:1c:ec:b6:66:ed:f0:32:0e:
25:87:79:fa:95:ee:0f:a0:c6:2d:8f:e9:fb:11:de:cf:26:fa:
59:fa:bd:0b:74:76:a6:5d:41:0d:cd:35:4e:ca:80:58:2a:a8:
5d:e4:d8:cf:ef:92:8d:52:f9:f2:bf:65:50:da:a8:10:1b:5e:
50:a7:7e:57:7b:94:7f:5c:74:2e:80:ae:1e:24:5f:0b:7b:7e:
19:b6:b5:bd:9d:46:5a:e8:47:43:aa:51:b3:4b:3f:12:df:7f:
ef:65:21:85:c2:f6:83:84:d0:8d:8b:d9:6d:a8:f9:11:d4:65:
7d:8f:28:22:3c:34:bb:99:4e:14:89:45:a4:62:ed:52:b1:64:
9a:fd:08:cd:ff:ca:9e:3b:51:81:33:e6:37:aa:cb:76:01:90:
d1:39:6f:6a:8b:2d:f5:07:f8:f4:2a:ce:01:37:ba:4b:7f:d4:
62:d7:d6:66:b8:78:ad:0b:23:b6:2e:b0:9a:fc:0f:8c:4c:29:
86:a0:bc:33:71:e5:7f:aa:3e:0e:ca:02:e1:f6:88:f0:ff:a2:
04:5a:f5:d7:fe:7d:49:0a:d2:63:9c:24:ed:02:c7:4d:63:e6:
0c:e1:04:cd:a4:bf:a8:31:d3:10:db:b4:71:48:f7:1a:1b:d9:
eb:a7:2e:26:00:38:bd:a8:96:b4:83:09:c9:3d:79:90:e1:61:
2c:fc:a0:2c:6b:7d:46:a8:d7:17:7f:ae:60:79:c1:b6:5c:f9:
3c:84:64:7b:7f:db:e9:f1:55:04:6e:b5:d3:5e:d3:e3:13:29:
3f:0b:03:f2:d7:a8:30:02:e1:12:f4:ae:61:6f:f5:4b:e9:ed:
1d:33:af:cd:9b:43:42:35:1a:d4:f6:b9:fb:bf:c9:8d:6c:30:
25:33:43:49:32:43:a5:a8:d8:82:ef:b0:a6:bd:8b:fb:b6:ed:
72:fd:9a:8f:00:3b:97:a3:35:a4:ad:26:2f:a9:7d:74:08:82:
26:71:40:f9:9b:01:14:2e:82:fb:2f:c0:11:51:00:51:07:f9:
e1:f6:1f:13:6e:03:ee:d7:85:c2:64:ce:54:3f:15:d4:d7:92:
5f:87:aa:1e:b4:df:51:77:12:04:d2:a5:59:b3:26:87:79:ce:
ee:be:60:4e:87:20:5c:7f
-----BEGIN CERTIFICATE-----
**some base64 stuff**
-----END CERTIFICATE-----
