kubernetes ssl-certificate cert-manager tls1.3

ca-issuer generating bad certificates


I am using cert-manager, and I am using the ca-issuer.

The certs for the issuer have been generated by the PKI team, and they are secured, but the certificate generated for the application caused NET::ERR_CERT_AUTHORITY_INVALID.

  • The issuer URL is the following: cert-manager.plat-intdev.mydomain.com
  • The URL of the application I'm trying to generate the certs for is the following: demo-app.plat-int-dev.mydomain.com

Could the difference in subdomain be the reason why it is failing?

Also, the issuer information is the following:

CN = Issuer name
OU = DAL
OU = PKI
OU = PAL
O = MYORG1

while the certificate has the following issuer:

CN = cert-manager.plat-intdev.mydomain.com
OU = plat
O = MYSUBORG2
L = Default City
C = US

Solution

  • So, it is possible to add information like OU, O, L, etc. to the certificate. When the certificate is generated (in this case for Istio), the information can be added as per the cert-manager API documentation.

    Second, the problem was the validity of the certificate. Certain certs are available and work only in specific networks and environments. Once the app was opened in the correct environment, the certificate was identified as safe.
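
A cert-manager `Certificate` manifest that sets the subject fields mentioned in the solution, as an added example that is not part of the original post. The resource name, namespace, secret name and issuer name are assumptions; the hostname and subject values are sample values reused from the question.

```yaml
# Added example (not from the original post). Lines marked "assumed" are hypothetical.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: demo-app-tls              # assumed resource name
  namespace: istio-system         # assumed: namespace where the Istio gateway reads its TLS Secret
spec:
  secretName: demo-app-tls        # assumed: Secret the Istio Gateway references
  commonName: demo-app.plat-int-dev.mydomain.com
  dnsNames:
    # Browsers match the hostname against the SAN list, not the CN.
    - demo-app.plat-int-dev.mydomain.com
  # These fields populate the Subject DN of the issued (leaf) certificate only.
  subject:
    organizations:                # O
      - MYSUBORG2
    organizationalUnits:          # OU
      - plat
    localities:                   # L
      - Default City
    countries:                    # C
      - US
  usages:
    - digital signature
    - server auth
  issuerRef:
    name: ca-issuer               # assumed: name of the CA Issuer, in the same namespace
    kind: Issuer
    group: cert-manager.io
# The Issuer DN of the leaf is not configurable here: it is copied from the
# Subject of the CA certificate stored in the CA issuer's Secret.
# To compare the two after issuance:
#   kubectl -n istio-system get secret demo-app-tls -o jsonpath='{.data.tls\.crt}' \
#     | base64 -d | openssl x509 -noout -subject -issuer
```

A client trusts the resulting certificate only if the CA that signed it (or its root) is in that client's trust store, which matches the solution's observation that the certificate validated only in the correct environment.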