[GH-ISSUE #186] Mkcert doesn't work properly with firefox nightly? #116

Closed
opened 2026-02-25 22:32:39 +03:00 by kerem · 2 comments

Originally created by @sereymongkol on GitHub (Aug 10, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/186

I am trying to generate some certificates for testing purposes and I could not make it work on Firefox; only Chrome is working. I have tried:

```
$ mkcert -install
```

But I got some error:

```
Using the local CA at "/home/yourpc/.local/share/mkcert" ✨
ERROR: failed to execute "tee": exit status 1

tee: /etc/ca-certificates/trust-source/anchors/mkcert_development_CA_149490715507430535598238403984841989935.crt: Permission denied
-----BEGIN CERTIFICATE-----
cGNAMTI3LjAuMC4xbG9jYWxob3N0MSkwJwYDVQQDDCBta2NlcnQgeW91cnBjQDEy
......
-----END CERTIFICATE-----
```

And so I tried it with root permission:

```
# mkcert -install
```

And I got this output.

```
Using the local CA at "/root/.local/share/mkcert" ✨
```

After that, I tried to execute:

```
# mkcert example.com "*.example.com" example.test localhost 127.0.0.1 ::1
```

And I got output:

```
Using the local CA at "/root/.local/share/mkcert" ✨
Created a new certificate valid for the following names 📜
 - "example.com"
 - "*.example.com"
 - "example.test"
 - "localhost"
 - "127.0.0.1"
 - "::1"

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.example.com ℹ️

The certificate is at "./example.com+5.pem" and the key at "./example.com+5-key.pem" ✅
```

From the first command, I believe there is something wrong already because in the main page from GitHub, it should include:

```
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox trust store (requires browser restart)!
(Java stuff too)
```

I am sure my JAVA_HOME is working properly. I have set it by:

```
export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::")
```

And verify it:

```
yourpc@127:~$ $JAVA_HOME
bash: /usr/lib/jvm/java-12-openjdk: Is a directory

[root@127 norin]# $JAVA_HOME
bash: /usr/lib/jvm/java-12-openjdk: Is a directory
```

I am not sure if I have to set *TRUST_STORES* in my environment variable too or not, and I did not set it yet.

So, in summary, how can I solve this problem? To make firefox-nightly trust this certificate, and mkcert automatically add the certificate into something like trust store (I am not sure if this is the one it should be) so Java applications trust this certificate. Thank you.

Note: I am using Arch Linux, and Open JDK 12.

kerem 2026-02-25 22:32:39 +03:00

@FiloSottile commented on GitHub (Nov 9, 2019):

The first command probably failed due to "sudo" not being in the $PATH. The second one worked but didn't find keytool, which indeed is confusing. Does `$JAVA_HOME/bin/keytool` exist?
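
The checks suggested in the reply above (is `sudo` on the PATH, does `$JAVA_HOME/bin/keytool` exist), as an added shell example that is not part of the original thread or of mkcert. The function names are hypothetical, the `certutil` check is an assumption taken from mkcert's README requirement for Firefox on Linux, and the root warning reflects the CA directory change visible in the issue's output.

```shell
#!/bin/sh
# Added example: preflight checks before `mkcert -install` on Linux.
# Inputs are parameters (not read from the environment) so the checks
# can be exercised against constructed directories.

# in_path NAME PATHLIST: true if NAME resolves to a command using PATHLIST.
in_path() {
    ( PATH=$2; command -v "$1" >/dev/null 2>&1 )
}

# mkcert_preflight PATHLIST JAVA_HOME UID
# Prints one finding per line; exit status is the number of problems found.
mkcert_preflight() {
    path_list=$1; java_home=$2; uid=$3; problems=0

    if [ "$uid" -eq 0 ]; then
        # Seen in the issue: as root the CA lives under /root/.local/share/mkcert,
        # a different CA from the one in the user's home directory.
        echo "WARN: running as root; mkcert will use root's CA directory"
        problems=$((problems + 1))
    elif ! in_path sudo "$path_list"; then
        echo "FAIL: sudo not in PATH; writing the system trust anchor will be denied"
        problems=$((problems + 1))
    else
        echo "OK: sudo found"
    fi

    # Assumption from mkcert's README, not from this thread: Firefox on Linux
    # needs certutil (NSS tools) for the Firefox trust store.
    if in_path certutil "$path_list"; then
        echo "OK: certutil found"
    else
        echo "FAIL: certutil not in PATH; Firefox trust store cannot be updated"
        problems=$((problems + 1))
    fi

    if [ -z "$java_home" ]; then
        echo "INFO: JAVA_HOME is empty"
    elif [ -x "$java_home/bin/keytool" ] && [ ! -d "$java_home/bin/keytool" ]; then
        echo "OK: $java_home/bin/keytool is executable"
    else
        echo "FAIL: $java_home/bin/keytool missing or not executable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Typical call on a real machine:
#   mkcert_preflight "$PATH" "$JAVA_HOME" "$(id -u)"
```

Run it as the same user and in the same shell that will run `mkcert -install`, since both `PATH` and `JAVA_HOME` can differ under `su` or `sudo`.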


@FiloSottile commented on GitHub (Oct 25, 2020):

Timing out in "waiting for info".
