I'm receiving this error in Chrome when I try to access a Spring Boot backend application running on an AWS EC2 instance:
net::ERR_CERT_AUTHORITY_INVALID
I've already exported my certificate to the JRE cacerts with:
sudo keytool -importcert -file certificate.crt -alias tomcat -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts
Installed certificate:
keytool -list -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts -alias tomcat
tomcat, Jan 5, 2021, trustedCertEntry,
Certificate fingerprint (SHA1): 41:41:E0:F6:88:F5:B3:DF:B0:D7:3B:8D:87:95:4B:16:48:C9:92:5D
Is there something else that I have to do?
That's normal for self-signed certificates. Imagine trying to access an online shop that has a certificate signed by ... the developer's mom: it should show the warning (even if we love moms a lot), because that site isn't secure at all and you shouldn't type your card number there.
That's why there are certificate providers, such as Symantec or Digicert, for example. They sign your certificate and anything signed with that is finally identified as a VALID CERT AUTHORITY. They are like the notaries of online communications.
For example, click on StackOverflow's page lock on the browser. It will show the provider of this page's certificate, which is Let's Encrypt. This provider allows the creation of trusted certificates without paying a cent, as it's a non-profit authority run by the Internet Security Research Group.
Thanks to Voo for pointing this out in the comments.
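
The following is an added example, not part of the original question or answer. It shows how to check whether a certificate is self-signed, and that a client accepts it only if its own trust store contains a matching anchor. It assumes the `openssl` CLI is installed; the function names, file names and host names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: requires the openssl CLI. All names below are constructed.

# Create a throwaway self-signed certificate: $1 = output PEM, $2 = common name.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Print "self-signed" when subject and issuer are the same name, else "ca-issued".
# (Name equality is the usual quick check; a CA-issued cert names a different issuer.)
cert_kind() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253)
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
        echo "self-signed"
    else
        echo "ca-issued"
    fi
}

# Print "trusted" if certificate $1 chains to an anchor in trust file $2.
trusted_by() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo "trusted"
    else
        echo "untrusted"
    fi
}

demo() {
    local dir
    dir=$(mktemp -d)
    # Stands in for the question's certificate.crt.
    make_self_signed "$dir/backend.pem" "backend.example.test"
    # A trust anchor that never signed the backend certificate.
    make_self_signed "$dir/other-root.pem" "Some Other Root"
    echo "kind:                         $(cert_kind "$dir/backend.pem")"
    echo "store without the cert:       $(trusted_by "$dir/backend.pem" "$dir/other-root.pem")"
    echo "store with the cert imported: $(trusted_by "$dir/backend.pem" "$dir/backend.pem")"
    rm -rf "$dir"
}

demo
```

Running `cert_kind certificate.crt` on the real file (converted to PEM if needed) reports whether it was issued by a CA or signed by itself.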