[GH-ISSUE #230] Chromium 78 rejects importing key #147

New issue

Closed

opened 2026-02-25 22:32:43 +03:00 by kerem · 3 comments

kerem commented 2026-02-25 22:32:43 +03:00

Owner

Copy link

Originally created by @luke-jr on GitHub (Dec 30, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/230

Tried to import the key into Chromium:

Certification Authority Import Error
The file contained one certificate, which was not imported:
mkcert development certificate: Not a Certification Authority

Chromium Version 78.0.3904.87

Originally created by @luke-jr on GitHub (Dec 30, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/230 Tried to import the key into Chromium: ``` Certification Authority Import Error The file contained one certificate, which was not imported: mkcert development certificate: Not a Certification Authority ``` Chromium Version 78.0.3904.87

kerem 2026-02-25 22:32:43 +03:00

• closed this issue
• added the
  question
  label

kerem commented 2026-02-25 22:32:43 +03:00

Author

Owner

Copy link

@FiloSottile commented on GitHub (Dec 31, 2019):

Can you provide us the steps you followed to import the key? I am not entirely sure what that means.

<!-- gh-comment-id:569868407 --> @FiloSottile commented on GitHub (Dec 31, 2019): Can you provide us the steps you followed to import the key? I am not entirely sure what that means.

kerem commented 2026-02-25 22:32:43 +03:00

Author

Owner

Copy link

@luke-jr commented on GitHub (Dec 31, 2019):

Ran mkcert router.lan 192.168.1.1 which made a .pem and -key.pem file pair.

Opened up chrome://settings/certificates in Chromium. Selected the Authorities tab.

Clicked Import and selected the [bare] .pem file. Checked "Trust this certificate for identifying websites" and OK.

Then I get the error.

<!-- gh-comment-id:569872759 --> @luke-jr commented on GitHub (Dec 31, 2019): Ran `mkcert router.lan 192.168.1.1` which made a `.pem` and `-key.pem` file pair. Opened up `chrome://settings/certificates` in Chromium. Selected the `Authorities` tab. Clicked `Import` and selected the [bare] `.pem` file. Checked "Trust this certificate for identifying websites" and `OK`. Then I get the error.

kerem commented 2026-02-25 22:32:43 +03:00

Author

Owner

Copy link

@FiloSottile commented on GitHub (Dec 31, 2019):

It sounds like Chromium wants the issuer to be imported there, not the leaf certificate ("Not a Certification Authority"). You'll find your mkcert CA with mkcert -CAROOT.

Note that the default way to make your mkcert certificates trusted is to use mkcert -install to get the root automatically into the system trust store.

<!-- gh-comment-id:569873157 --> @FiloSottile commented on GitHub (Dec 31, 2019): It sounds like Chromium wants the issuer to be imported there, not the leaf certificate ("Not a Certification Authority"). You'll find your mkcert CA with `mkcert -CAROOT`. Note that the default way to make your mkcert certificates trusted is to use `mkcert -install` to get the root automatically into the system trust store.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.2.0

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.9.1

v0.9.0

Labels

Clear labels   

TLS stack issue

  

Windows

  

bug

  

duplicate

  

duplicate

  

enhancement

  

help wanted

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

  

root store

  

waiting for info

No labels

TLS stack issue

Windows

bug

duplicate

duplicate

enhancement

help wanted

help wanted

pull-request

question

question

root store

waiting for info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/mkcert#147

No description provided.