CA installation in windows throwing ERROR "ERROR: add cert: Failed adding cert: The request is not supported"

[agnijalam]

Hi,

Thanks to mkcert for providing us a great tool for multiple environments. Anyone, could you please give me a hint why I am getting the below error. The background is, I have a node js application which is taking help of mkcert to create a CA for Windows. While starting the nodejs app, it ended with the error

(node:2192) UnhandledPromiseRejectionWarning: Error: Command failed: SET CAROOT=C:\Program Files (x86)\Test\cert && "C:\Program Files (x86)\Test\cert\mkcert-v1.3.0-windows-amd64.exe" -install -cert-file "C:\Program Files (x86)\Test\cert\localhost.crt" -key-file "C:\Program Files (x86)\Test\cert\localhost.key" localhost Created a new local CA at "C:\Program Files (x86)\Test\cert" 💥 ERROR: add cert: Failed adding cert: The request is not supported.

Notes:

• I have customized the CARROT.
• while looking at the mkcert code, the error is thrown by truststore_windows.go at addCert, which is internally calling crypt32.dll. I am not sure what is going wrong with crypt32.dll . @FiloSottile , could you please have a look at this. Thanks,

[kenny-evitt]

@shijukuchelan1985 I think maybe the value you're assigned to CAROOT might need to be quoted (because of the spaces in the Program Files (x86) directory.

[Strandedpirate]

On windows mkcert -install must be executed under elevated Administrator privileges. Your code is running under standard user account that is not elevated.

[ydschneider]

In case anyone else stumbles over this issue: mkcert -install does not seem to work without GUI on windows, even with elevated privileges. I ran into the same error message as @agnijalam when trying to run the command via ssh.

When I ran the command in a terminal via RDP, I could see a confirmation dialog that pops up. Everything worked fine after clicking OK.