
Chrome NET::ERR_CERT_AUTHORITY_INVALID error on self signing certificate at LocalHost

I am trying to set up a development environment on my local PC. As the production website supports HTTPS (who does not these days?), I want to have this also on the localhost. I thought it would be easy, but no.

I have a XAMPP installation, and set it all up so I can access the website. However, whenever I go to any page on the site locally, I get the Chrome warning:

NET::ERR_CERT_AUTHORITY_INVALID

I did follow the following thread to try and solve it:

Getting Chrome to accept self-signed localhost certificate

I also created the certificate with the correct Subject Alternative Name (SAN) section, based on this:

https://deliciousbrains.com/https-locally-without-browser-privacy-errors/

After that, I generated the CER or P7B file and imported that into Chrome. I restarted both Apache and Chrome.

I put the certificate in the Trusted Root Certificate Authorities. Somehow, Chrome decided however to place it in the Intermediate Root Certificate Authorities...

I am using Chrome 61, I had the same in 60.

So somehow I am unable to install a self-signed certificate, and keep getting this warning which basically makes development on localhost impossible...

I understand that this self-signing is not exactly trustworthy, but there must be a way to develop offline? It does not make sense that we have to build websites online from now on?...

Any ideas?

E.S. asked Sep 21 '17 17:09


3 Answers

We can simply allow invalid certificates for development purposes in Chrome.

This is only valid for Localhost

Paste this in your chrome address bar:

chrome://flags/#allow-insecure-localhost

Then enable the highlighted text: Allow invalid certificates for resources loaded from localhost

shalitha senanayaka answered Oct 21 '22 01:10


There is a great Java-based GUI utility that I use for creating and manipulating all things PKI called KeyStore Explorer. So much easier than all of the command-line options:

http://keystore-explorer.org/

atom88 answered Oct 21 '22 03:10


I fixed my exact same issue following this.

The issue seemed to be in the way the certificate was created.

The code below is from the above site.

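#!/usr/bin/env bash
# Create a local root CA: a passphrase-protected key and a self-signed root certificate.
mkdir -p ~/ssl/
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem


#!/usr/bin/env bash
# Create the server key and CSR using the settings in server.csr.cnf.
sudo openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )

# Sign the CSR with the root CA, applying the extensions (including the SAN) from v3.ext.
sudo openssl x509 -req -in server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext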

server.csr.cnf file

[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=New York
L=Rochester
O=End Point
OU=Testing Domain
emailAddress=your-administrative-address@your-awesome-existing-domain.com
CN = localhost

v3.ext file

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost

Temp O'rary answered Oct 21 '22 02:10
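
A way to check that a certificate produced by the commands in the answer above chains to the root CA and actually carries the hostname in its SAN, which is what Chrome matches against. This is an added example, not code from the answer or the site it links to; `make_pair` and `check_local_cert` are hypothetical helper names, and the CA that `make_pair` builds is constructed test data with no key passphrase.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical; file names follow the answer.

# make_pair DIR [san|nosan]
# Builds a throwaway (constructed) root CA and a localhost leaf in DIR,
# without a key passphrase so it runs non-interactively.
make_pair() {
  local d=$1 mode=${2:-san}
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Local Dev Root (constructed)" \
    -keyout "$d/rootCA.key" -out "$d/rootCA.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=localhost" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  printf '%s\n' 'basicConstraints=CA:FALSE' > "$d/v3.ext"
  if [ "$mode" = san ]; then
    printf '%s\n' 'subjectAltName=DNS:localhost' >> "$d/v3.ext"
  fi
  openssl x509 -req -in "$d/server.csr" -CA "$d/rootCA.pem" \
    -CAkey "$d/rootCA.key" -CAcreateserial -out "$d/server.crt" \
    -days 30 -sha256 -extfile "$d/v3.ext" 2>/dev/null
}

# check_local_cert CA_PEM SERVER_CRT HOST
# Returns 0 if SERVER_CRT chains to CA_PEM and lists HOST as a SAN DNS name,
# 1 if it is not signed by that CA, 2 if HOST is missing from the SAN.
# The SAN is read from the text dump on purpose: a CN-only certificate
# must fail here, because Chrome no longer falls back to the Common Name.
check_local_cert() {
  local ca=$1 crt=$2 host=$3
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$crt" -noout -text \
    | grep -A1 'X509v3 Subject Alternative Name' \
    | grep -Eq "DNS:${host}(,|[[:space:]]|\$)" || return 2
  return 0
}

# Usage: ./check.sh ~/ssl/rootCA.pem server.crt localhost
if [ "$#" -eq 3 ]; then
  check_local_cert "$@" && echo "OK" || echo "FAILED (code $?)"
fi
```

A result of 0 means the file to import into the Trusted Root store is `rootCA.pem`, while `server.crt` and `server.key` stay with the web server.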