mirror of
https://github.com/FiloSottile/mkcert.git
synced 2026-04-25 05:26:03 +03:00
[GH-ISSUE #239] Support firefox on Windows #155
Originally created by @kanlukasz on GitHub (Feb 21, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/239
Hello, I would like to ask about support for FF @ Windows 10
Is there any chance / plans for this?
Or maybe do you know any "hack" for it?
@rfay commented on GitHub (Feb 21, 2020):
These instructions should work for you, courtesy of @gilbertsoft: https://ddev.readthedocs.io/en/stable/#windows-and-firefox-mkcert-install-additional-instructions
@kanlukasz commented on GitHub (Feb 21, 2020):
Woooow, I can't believe it, but at first glance it works without a problem!
The only thing I had to do differently was choose `rootCA.pem` instead of `rootCA-key.pem`
I leave this ticket open - maybe it will be helpful to the mkcert author
@mattbrundage commented on GitHub (Apr 15, 2020):
This looks promising: https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/
@blisstik commented on GitHub (Apr 19, 2020):
@mattbrundage - it worked for me! TY!
@onetrev commented on GitHub (Aug 18, 2020):
I found @mattbrundage that didn't work for me. But I have had luck since FF 64 with enabling this setting instead: https://wiki.mozilla.org/CA/AddRootToFirefox
It has worked for me both with my own manually created certs with OpenSSL and the one I just created with `mkcert`.
@FiloSottile commented on GitHub (Oct 25, 2020):
It looks like it should be possible to implement this with the system certutil. If someone with a Windows box could contribute that it would be great.
In the meantime, the two options are adding it manually or enabling system roots in Firefox.
@onetrev commented on GitHub (Mar 13, 2021):
I've been wanting to help on this for some time. I've been looking through the Mozilla docs for certutil, but not really sure where to start unfortunately. I should be able to circle back to this in a week or two, but any hints to get me started would be very helpful.
@tkreindler commented on GitHub (May 10, 2022):
Setting security.enterprise_roots.enabled = true in Firefox about:config worked for me, nothing else required. Latest version 100 installed through Windows Store.
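The `security.enterprise_roots.enabled` setting mentioned in the comments above can also be persisted per profile through `user.js`. The following is an added example, not code from mkcert or from any commenter: it reads `profiles.ini` and sets the preference idempotently. The helper names are hypothetical, the sample directory is constructed, and `%APPDATA%\Mozilla\Firefox` as the real Firefox root is an assumption. With this preference on, Firefox trusts every root in the Windows certificate store, not only the mkcert CA.

```python
import configparser
import re
import tempfile
from pathlib import Path

PREF = "security.enterprise_roots.enabled"
PREF_LINE = f'user_pref("{PREF}", true);'
PREF_RE = re.compile(r'^\s*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,.*\);\s*$')

def profile_dirs(firefox_root: Path) -> list[Path]:
    """Return the profile directories listed in <firefox_root>/profiles.ini."""
    ini = configparser.ConfigParser(interpolation=None)  # paths may contain '%'
    ini.read(firefox_root / "profiles.ini", encoding="utf-8")
    dirs = []
    for name in ini.sections():
        section = ini[name]
        if not name.startswith("Profile") or "Path" not in section:
            continue  # skip [General], [Install...] and malformed sections
        path = Path(section["Path"])
        if section.getboolean("IsRelative", fallback=True):
            path = firefox_root / path
        dirs.append(path)
    return dirs

def ensure_enterprise_roots(profile_dir: Path) -> bool:
    """Set the pref to true in user.js; return True if the file was changed."""
    user_js = profile_dir / "user.js"
    lines = user_js.read_text(encoding="utf-8").splitlines() if user_js.exists() else []
    # Drop any earlier setting of this pref (true or false), then append ours.
    new = [l for l in lines if not PREF_RE.match(l)] + [PREF_LINE]
    if new == lines:
        return False
    user_js.write_text("\n".join(new) + "\n", encoding="utf-8")
    return True

def demo() -> list[bool]:
    """Run against a constructed Firefox directory, not a real profile."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        prof = root / "Profiles" / "abcd1234.default-release"  # constructed name
        prof.mkdir(parents=True)
        (root / "profiles.ini").write_text(
            "[Profile0]\nName=default-release\nIsRelative=1\n"
            "Path=Profiles/abcd1234.default-release\n", encoding="utf-8")
        (prof / "user.js").write_text(f'user_pref("{PREF}", false);\n', encoding="utf-8")
        (target,) = profile_dirs(root)
        changed = [ensure_enterprise_roots(target) for _ in range(2)]
        return changed + [(prof / "user.js").read_text(encoding="utf-8") == PREF_LINE + "\n"]
```

Firefox reads `user.js` at startup, so the browser has to be restarted for the change to take effect.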
@chetan commented on GitHub (Aug 1, 2022):
@FiloSottile I've implemented a workaround using an embedded version of the certutil binaries on all platforms. Happy to submit a PR if you're ok with that approach. You can see the change here and here. Only real issue I have with this approach currently is cleaning up the temp dir on any error, but I'm ok with letting the binaries get cleaned up later by the user or OS as a worst case.
@rfay commented on GitHub (Aug 1, 2022):
I'm not @FiloSottile but please submit the PR, as long as you've confirmed it works on all platforms, mac (both architectures), Windows, Linux (arm64/amd64). It would be great not to have to instruct people about this.
@chetan commented on GitHub (Aug 2, 2022):
@rfay Mac and Windows should be fine but Linux/arm64 might be a little trickier, particularly with varying versions of glibc.
I grabbed a certutil binary for my `armv7l` raspi but the glibc was incompatible on my box. Might be possible to build the binaries but probably better to depend on system packages for other than the standard case on linux. Thoughts?
@rfay commented on GitHub (Aug 2, 2022):
Yeah, if you can't solve it on all platforms it won't be a go IMO. Ubuntu arm64 has certutil.... If you're copying the certutil binary from somewhere for each platform and then embedding it I don't think that would be a useful or reliable technique. mkcert needs to be built from source.
@chetan commented on GitHub (Aug 2, 2022):
Right, it's not compiling at install time. It's pretty easy to solve for Windows but Mac and Linux are a bit more complicated due to shared libs as mentioned earlier, but there it's also somewhat easier to solve since the tool itself would generally be installed via package manager.
@rfay commented on GitHub (Aug 2, 2022):
Not everybody uses package manager to install mkcert, although I note that it's now in Ubuntu 22.04 packages, not sure how it got there.
@ZainabAl-khabori commented on GitHub (Feb 12, 2023):
I hope this is still open.
The certificate appears to be correctly installed and my https://localhost:[PORT] website opens without any warnings, but I still get "This operation is insecure" exception when trying to register a service worker.
This is exactly as if I was running it on http instead of https.
Is this a matter of trusting the certificate? But it should have displayed a warning otherwise; it did at first, before adding the CA to Firefox. Can anybody help me out, at least give suggestions about what might be the issue?