Access localhost via HTTPS by Chrome on Ubuntu ("NET::ERR_CERT_AUTHORITY_INVALID")

Question

I want to access localhost via HTTPS by Chrome.

Would you tell me how to solve ?

• localhost is building with tomcat in Spring Boot.

• I finished to

  1. create self-signed certification(*1)
  2. enable HTTPS on Spring Boot(*2)
  3. import the certificattion by Chrome(*3)

• But when I access localhost Chrome display "NET::ERR_CERT_AUTHORITY_INVALID".

my environment:

Ubuntu 18.04
Chrome 79
Spring Boot 2.2.2
Tomcat 9

*1 create self-signed certification:

$ keytool -genkeypair -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650 -ext san=dns:localhost -ext san=ip:127.0.0.1

*2 enable HTTPS on Spring Boot

$ vi src/main/resources/application.properties
  server.port=8443↲
  server.ssl.enabled=true↲
  server.ssl.key-store=keystore.p12↲
  server.ssl.key-store-password=password↲
  server.ssl.key-password=password↲
  server.ssl.key-store-type=PKCS12↲
  server.ssl.key-alias=tomcat↲
  security.require-ssl=true↲

*3 import the certificattion

$ keytool -exportcert -keystore keystore.p12 -alias tomcat -file keystore.der

(or when I access localhost, export the certificate from Chrome display)

After do, on Manage certificates import keystore.der.(Chrome setting:GUI)

Thanks Regard.

Answer 1

Your certificate is self-signed, so Chrome has no way of verifying that the certificate is valid. Self signed means that you confirm that you are you.

You can either add an exception (preferred way) or import your certificate into Chrome and trust this certificate. If you do the later it means that from now own Chrome will trust this certificate. If you loose it, or share it (eg. with your source code) someone could potentially create a secure site that your browser will no accept as valid no matter what.

Witch Chrome you could also allow invalid certificates for localhost by visiting

chrome://flags/#allow-insecure-localhost

and check "Enable".