Invalid CA in arch linux

Question

Invalid CA in arch linux

lemonnuggets opened this issue 2 years ago · 5 comments

lemonnuggets commented 2 years ago

Environment

Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux
mkcert version (from mkcert -version): (devel)
Server (where the certificate is loaded): webpack-dev-server
Client (e.g. browser, CLI tool, or script):
- Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit)
- Google Chrome 102.0.5005.61 (Official Build) (64-bit)
- Firefox 101.0

What you did

Ran mkcert -install and mkcert localhost as instructed to generate valid certificate.

Verified that certificate authority was added to all browsers.

Brave

Chrome

Firefox

Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates.

HTTPS=true
SSL_CERT_FILE=.cert/localhost.pem
SSL_KEY_FILE=.cert/localhost-key.pem

What went wrong

NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox

Answer 1 · 2022-06-06T13:43:03.000Z

The server did not load the mkcert certificate for some reason. You can see the reported Issuer is “localhost” while mkcert certificates all have an Issuer that starts with “mkcert” Sent from a small keyboard

…

On Jun 6, 2022, at 14:07, Adam Jijo ***@***.***> wrote: Environment Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux mkcert version (from mkcert -version): (devel) Server (where the certificate is loaded): webpack-dev-server Client (e.g. browser, CLI tool, or script): Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit) Google Chrome 102.0.5005.61 (Official Build) (64-bit) Firefox 101.0 What you did Ran mkcert -install and mkcert localhost as instructed to generate valid certificate. Verified that certificate authority was added to all browsers. Brave Chrome Firefox Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates. HTTPS=true SSL_CERT_FILE=.cert/localhost.pem SSL_KEY_FILE=.cert/localhost-key.pem What went wrong NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.

Answer 2 · 2023-04-08T08:48:54.000Z

@FiloSottile

I have the same issue, but I think I've used correct commands:

mkcert -key-file server-key.pem -cert-file server-cert.pem "home" "*.home"

mkcert --install

And I still get not trusted certificate:

Answer 3 · 2023-12-04T02:20:16.000Z

same issue and issuer starts with “mkcert”

Answer 4 · 2023-12-04T14:47:11.000Z

I guess I had a similar issue. Spend few hours debugging it.

It seems the problem is with Brave Browser.
My assumption is the store/location for CA is in different location for Brave than mkcert uses, for other browsers.
Eg. mkcert doesn't support it yet.

What I did to get to this conclusion

install Chromium
check if site/cert is loaded properly. (for me it was ok)
check in Brave -> doesn't work
compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities
For me chromium had mkcert authority, Brave didnt'
Add the auhtority manualy to Brave - test if it work -> yes.

Maybe it will help someone.

Answer 5 · 2024-06-30T20:31:31.000Z

compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities

My problem was fixed by clicking on the 3 dots for extra options and then trusting the cert.