starred/mkcert
1
0
Fork 0
mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 13:36:02 +03:00
Code Issues 165 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #219] How to install Root CA to puppeteer's chromium? #143

New issue
Open
opened 2026-02-25 22:32:42 +03:00 by kerem · 2 comments
kerem commented 2026-02-25 22:32:42 +03:00
Owner
Copy link

Originally created by @jedie on GitHub (Nov 13, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/219

A simple mkcert -install isn't enough to "inject" the Root CA to Chromium from puppeteer.

Anybody have any good advice?

EDIT: Note: I run puppeteer in docker, maybe this is the problem. Whatever. The problem is that ~/.pki/nssdb doesn't exist. So i came to this work-a-round:

mkdir -p $HOME/.pki/nssdb
certutil -d sql:$HOME/.pki/nssdb -N --empty-password
/root/bin/mkcert -install

And now, the Chromium called via puppeteer can verify the ssl certificates and '--ignore-certificate-errors' is not needed, any more.

Originally created by @jedie on GitHub (Nov 13, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/219 A simple `mkcert -install` isn't enough to "inject" the Root CA to Chromium from puppeteer. Anybody have any good advice? EDIT: Note: I run puppeteer in docker, maybe this is the problem. Whatever. The problem is that `~/.pki/nssdb` doesn't exist. So i came to this work-a-round: ``` mkdir -p $HOME/.pki/nssdb certutil -d sql:$HOME/.pki/nssdb -N --empty-password /root/bin/mkcert -install ``` And now, the Chromium called via puppeteer can verify the ssl certificates and `'--ignore-certificate-errors'` is not needed, any more.
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@radum commented on GitHub (Mar 18, 2021):

@jedie When you say you did that workaround, you mean in your docker file, or on the host machine?

<!-- gh-comment-id:802001938 --> @radum commented on GitHub (Mar 18, 2021): @jedie When you say you did that workaround, you mean in your docker file, or on the host machine?
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@masterzen commented on GitHub (Aug 26, 2021):

In my own case, the workaround wasn't working, until I found out that chromium tries to open the NSS db at /tmp/.pki/nssdb instead of ~/.pki/nssdb.

Since mkcert -install assumes .pki/nssdb to be anchored to $HOME it can be fixed with this modification:

HOME=/tmp /root/bin/mkcert -install
<!-- gh-comment-id:906432720 --> @masterzen commented on GitHub (Aug 26, 2021): In my own case, the workaround wasn't working, until I found out that chromium tries to open the NSS db at `/tmp/.pki/nssdb` instead of `~/.pki/nssdb`. Since `mkcert -install` assumes `.pki/nssdb` to be anchored to `$HOME` it can be fixed with this modification: ```sh HOME=/tmp /root/bin/mkcert -install ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.1
v1.0.0
v0.9.1
v0.9.0
Labels
Clear labels   
TLS stack issue

   
Windows

   
bug

   
duplicate

   
duplicate

   
enhancement

   
help wanted

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
root store

   
waiting for info
No labels
TLS stack issue
Windows
bug
duplicate
duplicate
enhancement
help wanted
help wanted
pull-request
question
question
root store
waiting for info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/mkcert#143
No description provided.