Invalid CA in arch linux

FiloSottile / mkcert

A simple zero-config tool to make locally trusted development certificates with any names you'd like.

https://mkcert.dev

BSD 3-Clause "New" or "Revised" License

46.9k stars 2.43k forks source link

Invalid CA in arch linux #450

Open lemonnuggets opened 2 years ago

lemonnuggets commented 2 years ago

Environment

Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux
mkcert version (from mkcert -version): (devel)
Server (where the certificate is loaded): webpack-dev-server
Client (e.g. browser, CLI tool, or script):
- Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit)
- Google Chrome 102.0.5005.61 (Official Build) (64-bit)
- Firefox 101.0

What you did

Ran mkcert -install and mkcert localhost as instructed to generate valid certificate.

Verified that certificate authority was added to all browsers.

Brave

Chrome

Firefox

Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates.

HTTPS=true
SSL_CERT_FILE=.cert/localhost.pem
SSL_KEY_FILE=.cert/localhost-key.pem

What went wrong

NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox

FiloSottile commented 2 years ago

The server did not load the mkcert certificate for some reason. You can see the reported Issuer is “localhost” while mkcert certificates all have an Issuer that starts with “mkcert”

Sent from a small keyboard

On Jun 6, 2022, at 14:07, Adam Jijo @.***> wrote:

Environment

Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux mkcert version (from mkcert -version): (devel) Server (where the certificate is loaded): webpack-dev-server Client (e.g. browser, CLI tool, or script): Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit) Google Chrome 102.0.5005.61 (Official Build) (64-bit) Firefox 101.0 What you did

Ran mkcert -install and mkcert localhost as instructed to generate valid certificate.

Verified that certificate authority was added to all browsers.

Brave

Chrome

Firefox

Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates.

HTTPS=true SSL_CERT_FILE=.cert/localhost.pem SSL_KEY_FILE=.cert/localhost-key.pem What went wrong

NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.

Cloufish commented 1 year ago

@FiloSottile

I have the same issue, but I think I've used correct commands:

mkcert -key-file server-key.pem -cert-file server-cert.pem "home" "*.home"

mkcert --install

And I still get not trusted certificate:

66RING commented 7 months ago

same issue and issuer starts with “mkcert”

nakashu commented 7 months ago

I guess I had a similar issue. Spend few hours debugging it.

It seems the problem is with Brave Browser.
My assumption is the store/location for CA is in different location for Brave than mkcert uses, for other browsers. Eg. mkcert doesn't support it yet.

What I did to get to this conclusion

install Chromium
check if site/cert is loaded properly. (for me it was ok)
check in Brave -> doesn't work
compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities
For me chromium had mkcert authority, Brave didnt'
Add the auhtority manualy to Brave - test if it work -> yes.

Maybe it will help someone.

tikumo commented 5 days ago

compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities

My problem was fixed by clicking on the 3 dots for extra options and then trusting the cert.

Screenshot from 2024-06-30 22-30-59