SSL certificates not accepted in browser - Safari, chrome, firefox

[awkward-minion]

Environment

• Operating system (including version): macOS Big Sur 11.6.7 (20G630)
• mkcert version (from mkcert -version): v1.4.4
• Server (where the certificate is loaded): Angular cli has in build serving mechanism to load SSL certs, https://angular.io/cli/serve
• Client (e.g. browser, CLI tool, or script): browser (Chrome, Safari, Firefox)

What you did

brew install mkcert
brew install nss
mkcert --install
mkcert localhost 127.0.0.1

After generating certificates, I attached them to angular cli. (It is able to detect the certificates at a given path)

ng serve --ssl \                   
  --ssl-cert "/Users/gru/development/angular/ssl/localhost+1.pem” \
  --ssl-key "/Users/gru/development/angular/ssl/localhost+1-key.pem”

I have gone through some closed issues and tried to restart the browser and the entire machine.

But none of them helped.

What went wrong

[ahmadSaeedGoda]

Same here with ReactJS. Any Updates please?

[hakimio]

Might be a change in Chrome causing this.
Anyway, for anyone on Windows try this guide from StackOverflow ("Windows: Generate and self sign certificate"). Worked well for me.

[N6REJ]

I'm hoping this can be fixed.
I get the following error when I try to install

PS E:\Development\MY_PROJECTS\bearsampp-development\Bearsampp\core\libs\mkcert> ./mkcert.exe --install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "keytool -importcert": exit status 1

Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: C:\Program Files\Microsoft\jdk-17.0.1.12-hotspot\lib\security\cacerts (Access is denied)

PS E:\Development\MY_PROJECTS\bearsampp-development\Bearsampp\core\libs\mkcert> 

[brezanac]

I'm hoping this can be fixed. I get the following error when I try to install

PS E:\Development\MY_PROJECTS\bearsampp-development\Bearsampp\core\libs\mkcert> ./mkcert.exe --install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "keytool -importcert": exit status 1

Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: C:\Program Files\Microsoft\jdk-17.0.1.12-hotspot\lib\security\cacerts (Access is denied)

PS E:\Development\MY_PROJECTS\bearsampp-development\Bearsampp\core\libs\mkcert> 

Try running mkcert inside Powershell with elevated (Administrator) privileges or simply install gsudo.

[N6REJ]

I'm hoping this can be fixed. I get the following error when I try to install

PS E:\Development\MY_PROJECTS\bearsampp-development\Bearsampp\core\libs\mkcert> ./mkcert.exe --install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "keytool -importcert": exit status 1

Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: C:\Program Files\Microsoft\jdk-17.0.1.12-hotspot\lib\security\cacerts (Access is denied)

PS E:\Development\MY_PROJECTS\bearsampp-development\Bearsampp\core\libs\mkcert> 

Try running mkcert inside Powershell with elevated (Administrator) privileges or simply install gsudo.

that was inside an elevated powershell. as shown here

[brezanac]

I'm hoping this can be fixed. I get the following error when I try to install

PS E:\Development\MY_PROJECTS\bearsampp-development\Bearsampp\core\libs\mkcert> ./mkcert.exe --install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "keytool -importcert": exit status 1

Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: C:\Program Files\Microsoft\jdk-17.0.1.12-hotspot\lib\security\cacerts (Access is denied)

PS E:\Development\MY_PROJECTS\bearsampp-development\Bearsampp\core\libs\mkcert> 

Try running mkcert inside Powershell with elevated (Administrator) privileges or simply install gsudo.

that was inside an elevated powershell. as shown here

The only indication that Powershell is running with elevated privileges is that it will use C:\Windows\system32> as the startup directory and the window title will display Administrator: Windows PowerShell. Your images does not contain any of those so I assumed unprivilleged Powershell, which will break mkcert since it needs acceess to sensitive areas of the operating system.

A nice and easy way to test for elevated privileges is to run the following line of code inside Powershell.

([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[N6REJ]

I apologize your completely correct. I'm trying to figure out how to tell phpstorm to run it as admin as we speak.

[N6REJ]

gsudo worked perfectly! TY!

[N6REJ]

Now that that is fixed... we store all ssl certs in the /ssl folder of our app. But we want to change from openssl to mkcert. How can we tell mkcert to use the ssl folder?

[awkward-minion]

Might be a change in Chrome causing this. Anyway, for anyone on Windows try this guide from StackOverflow ("Windows: Generate and self sign certificate"). Worked well for me.

Actually mkcerts selling point is you don't need to do or use multiple commands, right? Why do we need some workaround to get started with it? If mkcerts is all around workarounds, I need to switch to another library.

[blueblakk]

Facing the exact same issue.