mirror of
https://github.com/FiloSottile/mkcert.git
synced 2026-04-25 05:26:03 +03:00
[GH-ISSUE #232] wildcard certs don't work on Windows #149
Originally created by @Strandedpirate on GitHub (Jan 9, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/232
Windows 10 x64
Chrome 79.0.3945.88
Wildcard certificates created per the doc do not work on Windows 10. The cert shows up in Chrome as Invalid for whoami.localhost.
mkcert -key-file key.pem -cert-file cert.pem *.localhost
Non-wildcard certificates with specific subject alternative names do work. This shows up as Valid in Chrome for whoami.localhost.
mkcert -key-file key.pem -cert-file cert.pem blog.example.com whoami.localhost
@blotsome commented on GitHub (Jan 20, 2020):
I may have this problem as well. I used wildcard certs and both Chrome and Firefox in Windows don't show the green lock, Chrome says cert is invalid, and Firefox "connection is not secure".
Tested on Android and I get the lock. My mkcert command was
mkcert host.lan "*.host.lan" localhost 127.0.01 x.x.x.x
where x.x.x.x was the static IP of my server. Not sure I needed all that in there, but like I said, Android doesn't seem to complain, where 2 browsers in Windows do.
@blotsome commented on GitHub (Jan 28, 2020):
Assuming this is a Windows issue, is there any workaround? Or say I am setting up half a dozen subdomains for various self-hosted services, plex.server.lan, bw.server.lan, pihole.server.lan, is there a more automated way to create and import multiple certs instead of doing them one at a time?
@timwis commented on GitHub (Feb 1, 2020):
Have you tried surrounding the wildcard hostname in quotes like the documentation example? e.g.
mkcert "*.localhost"
Alternatively, I read somewhere that Windows doesn't recognise pem files as certificates. Try using -cert-file sitename.crt -key-file sitename.key. Note that I'm just another mkcert user making a guess. Haven't tried it on Windows.
@blotsome commented on GitHub (Apr 18, 2020):
I tried creating a single domain cert, and importing the CA again using mkcert, and didn't seem to do anything, so I then manually loaded the cert into Chrome/windows database, and still nothing. I rebooted Chrome and it worked. But I also noticed I was getting the lock ICON on my wildcard cert domains... so I updated NGINX to only use the wildcard cert again, restarted NGINX, restarted Chrome, and they appear to be working for now, in both Chrome and Firefox. I don't know if it was restarting Chrome (which I'm sure I did the first time around) or manually loading the certs or maybe just the first import failed for some reason? I can't explain it, but for now my 5 subdomains are up and running with a single wildcard cert (though pihole still isn't showing the lock icon for some reason). I wish I had a better explanation.
@FiloSottile commented on GitHub (Oct 25, 2020):
@blotsome's issue sounds like it was resolved. @Strandedpirate's is probably due to the fact that browsers don't support first level wildcards like *.com. mkcert prints an error for those, but can't do anything else.
@renatofrota commented on GitHub (Feb 11, 2024):
check https://github.com/FiloSottile/mkcert/issues/383#issuecomment-1937455068
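A pre-flight check for the names discussed in this thread, added here as an illustration and not taken from mkcert or from any commenter: it flags first-level wildcards such as `*.localhost` or `*.com` (which, per the maintainer's comment, browsers do not support) and reports which hostnames a planned SAN list leaves uncovered. The function names are hypothetical, and the matching is a simplified left-most, single-label wildcard rule, not a full browser implementation.

```go
package main

import (
	"fmt"
	"strings"
)

// firstLevelWildcard reports whether name is a wildcard directly under a
// single label, such as "*.localhost" or "*.com".
func firstLevelWildcard(name string) bool {
	return strings.HasPrefix(name, "*.") && len(name) > 2 &&
		!strings.Contains(name[2:], ".")
}

// covers applies single-label wildcard matching: "*" stands for exactly one
// label, so "*.host.lan" covers "plex.host.lan" but neither "host.lan" nor
// "a.b.host.lan".
func covers(san, host string) bool {
	san, host = strings.ToLower(san), strings.ToLower(host)
	if !strings.HasPrefix(san, "*.") {
		return san == host
	}
	i := strings.Index(host, ".")
	return i > 0 && host[i+1:] == san[2:]
}

// uncovered returns the hosts that no usable SAN covers. First-level
// wildcards are treated as unusable (assumption based on the thread).
func uncovered(sans, hosts []string) []string {
	var missing []string
	for _, h := range hosts {
		ok := false
		for _, s := range sans {
			if !firstLevelWildcard(s) && covers(s, h) {
				ok = true
				break
			}
		}
		if !ok {
			missing = append(missing, h)
		}
	}
	return missing
}

func main() {
	// Constructed inputs based on the names used in the thread.
	fmt.Println(uncovered([]string{"*.localhost"}, []string{"whoami.localhost"}))
	fmt.Println(uncovered([]string{"host.lan", "*.host.lan"},
		[]string{"host.lan", "plex.host.lan", "a.b.host.lan"}))
}
```

Any name it reports needs its own SAN entry, or a wildcard one level deeper, before the certificate is issued.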