mkcert icon indicating copy to clipboard operation
mkcert copied to clipboard

Published 20 hours ago verified publisher icon FiloSottile

Invalid CA in arch linux

Open lemonnuggets opened this issue 2 years ago • 5 comments

Environment

  • Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux
  • mkcert version (from mkcert -version): (devel)
  • Server (where the certificate is loaded): webpack-dev-server
  • Client (e.g. browser, CLI tool, or script):
    • Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit)
    • Google Chrome 102.0.5005.61 (Official Build) (64-bit)
    • Firefox 101.0

What you did

Ran mkcert -install and mkcert localhost as instructed to generate valid certificate. image

Verified that certificate authority was added to all browsers.

Brave image

Chrome image

Firefox image

Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates.

HTTPS=true
SSL_CERT_FILE=.cert/localhost.pem
SSL_KEY_FILE=.cert/localhost-key.pem

What went wrong

NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome image image

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox image

lemonnuggets avatar Jun 06 '22 12:06 lemonnuggets

The server did not load the mkcert certificate for some reason. You can see the reported Issuer is “localhost” while mkcert certificates all have an Issuer that starts with “mkcert”

Sent from a small keyboard

On Jun 6, 2022, at 14:07, Adam Jijo @.***> wrote:

 Environment

Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux mkcert version (from mkcert -version): (devel) Server (where the certificate is loaded): webpack-dev-server Client (e.g. browser, CLI tool, or script): Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit) Google Chrome 102.0.5005.61 (Official Build) (64-bit) Firefox 101.0 What you did

Ran mkcert -install and mkcert localhost as instructed to generate valid certificate.

Verified that certificate authority was added to all browsers.

Brave

Chrome

Firefox

Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates.

HTTPS=true SSL_CERT_FILE=.cert/localhost.pem SSL_KEY_FILE=.cert/localhost-key.pem What went wrong

NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.

FiloSottile avatar Jun 06 '22 13:06 FiloSottile

@FiloSottile

I have the same issue, but I think I've used correct commands:

mkcert -key-file server-key.pem -cert-file server-cert.pem "home" "*.home"

image

mkcert --install

image

And I still get not trusted certificate: image

image

image

Cloufish avatar Apr 08 '23 08:04 Cloufish

same issue and issuer starts with “mkcert” image

image

66RING avatar Dec 04 '23 02:12 66RING

I guess I had a similar issue. Spend few hours debugging it.

It seems the problem is with Brave Browser.
My assumption is the store/location for CA is in different location for Brave than mkcert uses, for other browsers. Eg. mkcert doesn't support it yet.

What I did to get to this conclusion

  • install Chromium
  • check if site/cert is loaded properly. (for me it was ok)
  • check in Brave -> doesn't work
  • compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities
  • For me chromium had mkcert authority, Brave didnt'
  • Add the auhtority manualy to Brave - test if it work -> yes.

Maybe it will help someone.

nakashu avatar Dec 04 '23 14:12 nakashu