starred/mkcert
1
0
Fork 0
mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00
Code Issues 165 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #231] mkcert failed adding cert: Access is denied. #145

New issue
Open
opened 2026-02-25 22:32:43 +03:00 by kerem · 15 comments
kerem commented 2026-02-25 22:32:43 +03:00
Owner
Copy link

Originally created by @davidsiagian on GitHub (Jan 8, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/231

Hi,
I tried to use mkcert on Windows.
However when I use mkcert -install, it is failed because access is denied.
I dont know the problem because I use cmd as administrator.

Screenshot_3

Originally created by @davidsiagian on GitHub (Jan 8, 2020). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/231 Hi, I tried to use mkcert on Windows. However when I use mkcert -install, it is failed because access is denied. I dont know the problem because I use cmd as administrator. ![Screenshot_3](https://user-images.githubusercontent.com/42040754/71989637-9835c300-3264-11ea-8fd7-06203e0dd4b7.png)
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@Strandedpirate commented on GitHub (Jan 9, 2020):

On windows mkcert -install must be executed under elevated Administrator privileges. Open the command prompt as Administrator and try again.

<!-- gh-comment-id:572372769 --> @Strandedpirate commented on GitHub (Jan 9, 2020): On windows `mkcert -install` must be executed under elevated Administrator privileges. Open the command prompt as Administrator and try again.
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@arafel commented on GitHub (Jan 10, 2020):

Hi
From the image it doesn't look like that cmd is being run as admin; did you right-click on the "command prompt" entry in the menu and choose "run as administrator"? When I do that, it looks like the image attached - note the "Administrator:" in the window title.

2020-01-10 14_23_50-Administrator_ Command Prompt

<!-- gh-comment-id:573055658 --> @arafel commented on GitHub (Jan 10, 2020): Hi From the image it doesn't look like that cmd is being run as admin; did you right-click on the "command prompt" entry in the menu and choose "run as administrator"? When I do that, it looks like the image attached - note the "Administrator:" in the window title. ![2020-01-10 14_23_50-Administrator_ Command Prompt](https://user-images.githubusercontent.com/154439/72159778-09848b80-33b5-11ea-8140-96845b6cbec3.jpg)
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@davidsiagian commented on GitHub (Jan 12, 2020):

@arafel @Strandedpirate Hi, thanks for your respond. My bad, I forgot to give image with cmd run as administrator.
I couldn't find any source with help.

Screenshot_2

<!-- gh-comment-id:573433062 --> @davidsiagian commented on GitHub (Jan 12, 2020): @arafel @Strandedpirate Hi, thanks for your respond. My bad, I forgot to give image with cmd run as administrator. I couldn't find any source with help. ![Screenshot_2](https://user-images.githubusercontent.com/42040754/72222151-71dd9380-3594-11ea-9311-a8a5272ed3f8.png)
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@julian-code commented on GitHub (Feb 22, 2020):

I have the same issue.
billede

<!-- gh-comment-id:590001172 --> @julian-code commented on GitHub (Feb 22, 2020): I have the same issue. ![billede](https://user-images.githubusercontent.com/54644662/75099691-d1cc4e80-55c4-11ea-8548-9d382f8e836f.png)
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@jbleyaert commented on GitHub (Mar 27, 2020):

I also have this issue.

<!-- gh-comment-id:604844836 --> @jbleyaert commented on GitHub (Mar 27, 2020): I also have this issue.
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@Alcadramin commented on GitHub (Apr 3, 2020):

same

<!-- gh-comment-id:608162722 --> @Alcadramin commented on GitHub (Apr 3, 2020): same
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@fabianberisha commented on GitHub (May 25, 2020):

same

<!-- gh-comment-id:633578932 --> @fabianberisha commented on GitHub (May 25, 2020): same
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@verfault commented on GitHub (May 26, 2020):

i have this issue too.

<!-- gh-comment-id:633983162 --> @verfault commented on GitHub (May 26, 2020): i have this issue too.
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@adem commented on GitHub (Sep 20, 2020):

Looks like this is a permission issue with the keys stored in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys. When I try to modify the permissions of the parent folder to give the administrator full control for not just the folder, but also its sub-items, I get the following similar error:
image
I haven't been able to resolve the situation yet. I even deleted the files altogether and rebooted, to no avail.

<!-- gh-comment-id:695435267 --> @adem commented on GitHub (Sep 20, 2020): Looks like this is a permission issue with the keys stored in `C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys`. When I try to modify the permissions of the parent folder to give the administrator full control for not just the folder, but also its sub-items, I get the following similar error: ![image](https://user-images.githubusercontent.com/294340/93692210-7f1e2b00-faf0-11ea-9838-d5180f318bb4.png) I haven't been able to resolve the situation yet. I even deleted the files altogether and rebooted, to no avail.
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@adem commented on GitHub (Sep 20, 2020):

Workaround

Until more is known about this issue, you can use the following workaround to install the CA:

  1. Press Windows+R and run certmgr.msc
  2. Right-click on Trusted Root Certification Authorities > All Tasks > Import...
    (At this point, the Store Location was greyed out, and Current User was preselected for me)
  3. Click Browse... > point it to the rootCA.pem file usually located in %localappdata%\mkcert > Next. When in doubt, double-check the output of mkcert -install to find out the root CA path.
  4. Select Place all certificates in the following store > Browse... > Check Show physical stores > Expand Trusted Root Certification Authorities > Select Local Computer > OK > Next > Finish
  5. The message The import was successful. should appear > Click OK
  6. Verify that your CA is recognized:
    image

Note

If you don't explicitly select the physical store Local Computer, you'll very likely run into the following error message, so make sure not to skip that part. This might be linked to the mkcert -install issue we run into.
image

<!-- gh-comment-id:695776701 --> @adem commented on GitHub (Sep 20, 2020): ### Workaround Until more is known about this issue, you can use the following workaround to install the CA: 1. Press Windows+R and run `certmgr.msc` 2. Right-click on **Trusted Root Certification Authorities** > **All Tasks** > **Import...** (At this point, the Store Location was greyed out, and _Current User_ was preselected for me) 3. Click **Browse...** > point it to the `rootCA.pem` file usually located in `%localappdata%\mkcert` > **Next**. When in doubt, double-check the output of `mkcert -install` to find out the root CA path. 4. Select **Place all certificates in the following store** > **Browse...** > Check **Show physical stores** > Expand **Trusted Root Certification Authorities** > Select **Local Computer** > **OK** > **Next** > **Finish** 5. The message _The import was successful._ should appear > Click **OK** 6. Verify that your CA is recognized: ![image](https://user-images.githubusercontent.com/294340/93710173-d77f1800-fb44-11ea-9ea4-d27cbc46f921.png) ### Note If you don't explicitly select the physical store _Local Computer_, you'll very likely run into the following error message, so make sure not to skip that part. This might be linked to the `mkcert -install` issue we run into. ![image](https://user-images.githubusercontent.com/294340/93710288-b8cd5100-fb45-11ea-91c2-66859632c24a.png)
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@cheslijones commented on GitHub (Mar 21, 2021):

I have a similar issue. I was able to mkcert -install, but now I'm unable to do anything related to mkcert:

image

<!-- gh-comment-id:803597710 --> @cheslijones commented on GitHub (Mar 21, 2021): I have a similar issue. I was able to `mkcert -install`, but now I'm unable to do anything related to `mkcert`: ![image](https://user-images.githubusercontent.com/59094233/111909609-3867aa00-8a1b-11eb-9795-563eb7be10b5.png)
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@rfay commented on GitHub (Mar 21, 2021):

@cheslijones that's mkcert being unable to reaad the CA that's in your own home directory. You need to change the permissions on that directory (AppData\Local\mkcert, or consider deleting the whole directory and doing mkcert -install again. Or is C:\Users\work possibly another user's homedir?

<!-- gh-comment-id:803598929 --> @rfay commented on GitHub (Mar 21, 2021): @cheslijones that's mkcert being unable to reaad the CA that's in *your own home directory*. You need to change the permissions on that directory (AppData\Local\mkcert, or consider deleting the whole directory and doing `mkcert -install` again. Or is C:\Users\work possibly another user's homedir?
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@cheslijones commented on GitHub (Mar 21, 2021):

Ok, l deleted and retried which worked. That is my homedir.

<!-- gh-comment-id:803599293 --> @cheslijones commented on GitHub (Mar 21, 2021): Ok, l deleted and retried which worked. That is my homedir.
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@LichLord91 commented on GitHub (Jul 2, 2022):

Until #453 is merged I created a PowerShell script a while back that'll install the RootCA certs for you and replace it if the thumbprints are different/tell you if its already installed. Feel free to use if it if its to your liking. Just run it in the same directory as the rootCA pem files

Gist link

<!-- gh-comment-id:1172963258 --> @LichLord91 commented on GitHub (Jul 2, 2022): Until #453 is merged I created a PowerShell script a while back that'll install the RootCA certs for you and replace it if the thumbprints are different/tell you if its already installed. Feel free to use if it if its to your liking. Just run it in the same directory as the rootCA pem files [Gist link](https://gist.github.com/LichLord91/ab8d3b472708333f083e3e0a0228a18b)
kerem commented 2026-02-25 22:32:43 +03:00
Author
Owner
Copy link

@bstiffler582 commented on GitHub (Jan 13, 2023):

I was able to resolve this by adding the mkcert executable to the exclusions list in Windows Defender.

<!-- gh-comment-id:1381954141 --> @bstiffler582 commented on GitHub (Jan 13, 2023): I was able to resolve this by adding the mkcert executable to the exclusions list in Windows Defender.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.1
v1.0.0
v0.9.1
v0.9.0
Labels
Clear labels   
TLS stack issue

   
Windows

   
bug

   
duplicate

   
duplicate

   
enhancement

   
help wanted

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
root store

   
waiting for info
No labels
TLS stack issue
Windows
bug
duplicate
duplicate
enhancement
help wanted
help wanted
pull-request
question
question
root store
waiting for info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/mkcert#145
No description provided.