Filippo Valsorda
Filippo Valsorda
mTLS certificates are often used for both the client and server sides. What's a use case where the extra serverAuth usage is a problem rather than just superfluous?
That Chrome restriction only applies to publicly trusted certificates. There is macOS-level restriction which we have been first working around and then complying with for a long time. Judging from...
I really don't see how mkcert v1.4.3 could have generated that certificate. Are you sure you're not using a different version of mkcert inside a container or something like that?
The password is “changeit” (for unfortunate legacy PKCS#12 reasons). The output of mkcert should have mentioned it, didn’t it?
It’s ok, we all glance over things from time to time :)
That’s weird, as mkcert does not use intermediates. The message says “installed”, maybe it wants the root in the system store? In that case running “mkcert -install” might fix it,...
I’m afraid we have to wait for someone who actually dealt with IIS, I have never actually used it.
Can you provide some more info on that ecosystem? I don't use Windows, so I wouldn't know where to start to find its root store.
mkcert supports `trust`, but it looks like your system also has a different store that is usually managed with `update-ca-certificates`. If this is a common setup that you can help...
Can you try `mkcert -uninstall` and `mkcert -install`? And if that doesn't work, trying it again from an Administrator terminal?