I've been trying for weeks now to get this self-signed certificate working in several browsers (Chrome, Firefox, Edge, IE).
I managed to create the certificate and install it as a trusted root certificate, but in every browser I have to bypass the security to be able to have the test environment (website with XAMPP).
Today I have focused on Edge and IE (without success), and since the procedure for Chrome is slightly different, I will try to make it work in Chrome tomorrow.
I tried both to create a new one, and to duplicate an old (working) one, this way:
To create a new certificate, open PowerShell as admin, then:
New-SelfSignedCertificate -DnsName "127.0.0.1", "localhost" -CertStoreLocation "cert:\LocalMachine\My"
exported as mentioned in this description.
To clone, I used the example in this documentation.
Then I imported the certificates in the 'trusted root certificate' using certlm.msc.
But I got the error codes DLG_FLAGS_INVALID_CA and DLG_FLAGS_SEC_CERT_CN_INVALID in Edge and IE.
Does someone know a procedure to make this work?
I've been looking all over the net without finding one.
Go to your Settings in Chrome. Usually, this is done by clicking the 3 dots in the upper-right of the window and selecting Settings. Scroll all the way down, click to view "Advanced", then select the Manage HTTPS/SSL Certificates link. You will see a window open like this: Click the Import button.
For testing, you can use a self-signed public certificate instead of a Certificate Authority (CA)-signed certificate. This article shows you how to use Windows PowerShell to create and export a self-signed certificate. Using a self-signed certificate is only recommended for development, not production.
Here are steps to create a self-signed cert for localhost on OS X: In Keychain Access, double-click on this new localhost cert. Expand the arrow next to "Trust" and choose to "Always trust". Chrome and Safari should now trust this cert. For example, if you want to use this cert with node.js:
It is possible to sign SSL certificates since we already created a CA. Next, in the cert/CA directory create a new directory, localhost. Inside localhost create a new file, localhost.ext.
The CA authority will send you the SSL certificate signed by their root certificate authority and private key. You can then validate and use the SSL certificate with your applications. But for a self-signed certificate, here is what we do. Create our own root CA certificate & CA private key (We act as a CA on our own)
I was trying to do a similar thing and did get the following to work:
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname localhost -FriendlyName "Dev localhost" -NotAfter (Get-Date).AddMonths(240) -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")
The 'NotAfter' param extends the cert to 20 years. The 'TextExtension' param configures the cert for 'Server Authentication' only. Without this, it defaults to Client Auth + Server Auth. I haven't researched, but the Client Auth seems to cause an issue (which is odd since most online examples don't mention it; I only found one that did).
This will create the cert in both the LocalComputer\Personal & LocalComputer\Intermediate Certification Authority. It also allows you to select the cert in IIS.
In order to actually run the site, the cert needs to get into the Trusted Root Certification Authority. To accomplish this, you can either export/import the cert or navigate to the site in IE, click on the red security area and work your way through the screens to import the cert. The link above shows the import/export approach.
Final notes:
HTH
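The create, trust and verify steps discussed in this thread, combined into one script. This is an added example, not code from the original posts. It assumes an elevated PowerShell session; the file name dev-localhost.cer, the one-year lifetime and the explicit IPAddress SAN entries are choices made for this example.

```powershell
# Added example: run in an elevated PowerShell session (writes to LocalMachine stores).

# Subject Alternative Name (2.5.29.17): browsers match the host against the SAN,
# so list the DNS name and each loopback IP address explicitly.
# Enhanced Key Usage (2.5.29.37): Server Authentication only, as in the answer above.
$extensions = @(
    "2.5.29.17={text}DNS=localhost&IPAddress=127.0.0.1&IPAddress=::1",
    "2.5.29.37={text}1.3.6.1.5.5.7.3.1"
)

$cert = New-SelfSignedCertificate `
    -Subject "localhost" `
    -FriendlyName "Dev localhost" `
    -CertStoreLocation "Cert:\LocalMachine\My" `
    -NotAfter (Get-Date).AddYears(1) `
    -TextExtension $extensions

# Export only the public certificate (no private key) and add it to the
# machine's Trusted Root Certification Authorities store.
$cerPath = Join-Path $env:TEMP "dev-localhost.cer"   # assumed file name
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation "Cert:\LocalMachine\Root" | Out-Null

# Check 1: the certificate is present in the Root store.
$trusted = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
Write-Host "In Trusted Root store: $trusted"

# Check 2: show the SAN and EKU extensions that were actually written.
$cert.Extensions |
    Where-Object { $_.Oid.Value -in "2.5.29.17", "2.5.29.37" } |
    ForEach-Object { Write-Host "$($_.Oid.FriendlyName):`n$($_.Format($true))" }

# Check 3: validate the chain and host name under the SSL policy, the same
# kind of check that fails with an invalid-CA or name-mismatch error.
$valid = Test-Certificate -Cert $cert -Policy SSL -DNSName "localhost"
Write-Host "Valid for https://localhost: $valid"

# Cleanup when the test environment is retired, so the machine does not keep
# trusting a development certificate:
# Remove-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
# Remove-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)"
# Remove-Item $cerPath
```

If check 1 or check 3 reports False, the browser will still show a certificate warning, so fix the store import or the SAN entries before testing in the browser.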