I have a gitlab server running in our company for which I have obtained a certificate signed by our company's CA. Since I can access the site from a machine within our domain without getting SSL errors, I'm assuming, that the server is configured correctly.
When working with my laptop, I of course did not have the company CA certificate. For example openssl s_client -connect my.git.server:443 would return an "Error 19, self signed certificate in chain":
0 s:/C=REDACTED
i:/DC=REDACTED/DC=REDACTED/CN=IssuingCA
1 s:/DC=REDACTED/DC=REDACTED/CN=IssuingCA
i:/CN=RootCA
2 s:/CN=RootCA
i:/CN=RootCA
So I accessed the server and exported the root CA cert. I then added it to my system store:
sudo su
cp RootCA /usr/local/share/ca-certificates/extra/RootCA.crt
update-ca-certificates
Now openssl accepts it just fine (return code 0, ok). However, Google Chrome still complains:
This server could not prove that it is my.git.server; its security certificate is not trusted by your computer's operating system.
Were it not for this message, I'd have figured that Chrome has its own certificate store and doesn't care for the OS. But it seems quite clear that the certificate is trusted by the OS and Chrome refers to it.
I am running Ubuntu 18.04. Is this just a quirk of Chrome that it doesn't respect the system certs, or am I missing something?
