HACKER Q&A
📣 herpderperator

Why does Chrome not trust this trusted valid cert?


I was reading an article about how Apple is asking some of its employees to wear police-grade bodycams[0] and clicked to view the product it was referencing. Once on the manufacturer's website[1] I was wondering how much they cost so I clicked the Buy button which took me to their buy subdomain[2], but then I got a certificate error. I can't figure out why. The issue can be reproduced on another M1 MacBook Air with the same Chrome version but not on Ubuntu 20.04 with the same Chrome version. Chrome uses the system's certificate store so if the dialog says trusted - which it does - my understanding is that it should not be showing this error.

I'm on an M1 MacBook Air running Big Sur 11.4. Chrome is version 91.0.4472.114 (Official Build) (arm64).

Video: https://www.dropbox.com/s/1vrftuwtx4s1gf8/untrusted.mkv?dl=0

[0] https://www.frontpagetech.com/2021/06/28/exclusive-apple-making-employees-wear-police-grade-body-cams-in-response-to-leaks/

[1] https://www.axon.com/products/axon-body-2

[2] https://buy.axon.com/ccrz__ProductDetails?viewState=DetailView&cartID=&portalUser=&store=&cclcl=en_US&sku=74004

  👤 outsomnia Accepted Answer ✓
The buy.axon.com server is misconfigured, it only provides its own cert and not additionally a necessary intermediate "Go Daddy Secure Certificate Authority - G2".

If your client system has the intermediate, it will be able to validate. If not, you will not be able to establish communication with it, even though you may trust the root the intermediate cert is signed by, there is a gap in the middle.