macos proxy ssl-certificate keychain certificate-authority

Root certificate authority works on Windows/Linux but not Mac OS X - (malformed)


I have created a self-signed root certificate authority which, if I install it onto Windows, Linux, or even the certificate store in Firefox (Windows/Linux/Mac OS X), will work perfectly with my terminating proxy.

I have installed it into the system keychain and I have set the certificate to always trust.

Within the Chrome browser details it says "The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information. Error type: Malformed certificate"

I used this code to create the certificate:

openssl genrsa -des3 -passout pass:***** -out private/server.key 4096
openssl req -batch -passin pass:***** -new -x509 -nodes -sha1 -days 3600 -key private/server.key -out server.crt -config ../openssl.cnf

If the issue is NOT that it is malformed (because it works everywhere else) then what else could it be? Am I installing it incorrectly?

To be clear: within the Windows/Linux OS, all browsers work perfectly. Within Mac, only Firefox works, if it uses its internal certificate store and not the keychain. It's the keychain method of importing a certificate that causes the issue. Thus, all browsers using the keychain will not work.


Solution

  • The OpenSSL configuration defaults an intermediate certificate to have basicConstraints=CA:TRUE; however, in my case, since I am using the intermediate certificate as an end-user certificate, I need to make it basicConstraints=CA:FALSE.

    On Windows/Linux/Firefox this doesn't seem to matter, but security settings on a Mac make it required.
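
The fix described in the answer, as an added example that is not part of the original post: a root marked CA:TRUE signs a proxy certificate marked CA:FALSE, and both are then inspected and verified with openssl. The subject names, file names, key size, validity period and extension section names (v3_ca, v3_leaf) are assumptions constructed for illustration.

```shell
# Added example: root CA with CA:TRUE, proxy certificate with CA:FALSE.
# All names (Example Root CA, proxy.example.test, file names) are constructed.
set -eu
WORK=$(mktemp -d)

cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:proxy.example.test
EOF

# Root: self-signed, the only certificate here that is allowed to sign others.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
  -config "$WORK/pki.cnf" -extensions v3_ca -subj "/CN=Example Root CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# Leaf: create a CSR, then sign it with the root using the v3_leaf extensions.
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
  -subj "/CN=proxy.example.test" \
  -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
openssl x509 -req -in "$WORK/leaf.csr" -sha256 -days 30 \
  -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
  -extfile "$WORK/pki.cnf" -extensions v3_leaf -out "$WORK/leaf.crt" 2>/dev/null

# Print the basicConstraints value of a PEM certificate, e.g. "CA:FALSE".
basic_constraints() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Basic Constraints' | tail -n 1 | tr -d ' '
}

# Check that the leaf chains to the root as a TLS server certificate.
verify_leaf() {
  openssl verify -CAfile "$WORK/ca.crt" -purpose sslserver "$WORK/leaf.crt"
}

echo "root: $(basic_constraints "$WORK/ca.crt")"
echo "leaf: $(basic_constraints "$WORK/leaf.crt")"
verify_leaf
```

Running `basic_constraints` against the certificate the proxy actually presents shows whether it still carries CA:TRUE before it is imported into the keychain.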