Browser not updating certificate
For specific compatibility of your certificate see, SSL certificate compatibility.To fix this error, you will need to install one or more intermediate/chain certificates onto the web server.These root certificates are used as trust 'anchors' to verify the legitimacy of all website certificates that the browser encounters.If a browser encounters a certificate that is not signed by one of these roots, then it will state it is untrusted and visitors will see an error message like the one above.For example, Microsoft Internet Explorer can automatically download intermediate certificates the first time you visit a site that needs one while Firefox cannot.Once a trusted certificate is installed properly, all browsers will work without getting this error.I have a HAProxy / stunnel server that handles SSL for our sites on AWS.
You'd like each site to be able to handle traffic if the other one is unavailable, so you issue an SSL certificate for with two SANs: boston.and la. If Google is trying to protect users against spoofed websites, couldn't malicious website operators just add the common name as a SAN and circumvent the issue?
Now I have installed the legitimate cert on that server.
When I hit the site from my machine in Chrome it throws the following error: My guess is that Chrome cached the key for the self-signed cert and it doesn’t match that of the legitimate cert.
website.company.com) as a subjective alternative name (SAN), which is a fancy word for alias.
This check can be suppressed on Windows systems (for a temporary basis at least), and I'll explain how to do so below.