starred/mkcert
1
0
Fork 0
mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00
Code Issues 165 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #334] NET::ERR_CERT_AUTHORITY_INVALID on Raspbian Buster #215

New issue
Closed
opened 2026-02-25 22:32:52 +03:00 by kerem · 4 comments
kerem commented 2026-02-25 22:32:52 +03:00
Owner
Copy link

Originally created by @sguilliard on GitHub (Jan 24, 2021).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/334

Been following the directions to install on Raspberry Pi 4b here: https://kifarunix.com/how-to-create-self-signed-ssl-certificate-with-mkcert-on-ubuntu-18-04/ (using the latest releases - tried both mkcert-v1.4.3-linux-arm64 wouldn't execute, but the 32-bit version executed ok: mkcert-v1.4.3-linux-arm
mkcert appears to be installed ok, but the CA isn't being accepted by the Chromium browser on the local machine (should this also work for other machine accessing from the LAN?). Trying to find more details directions to see if there's soemthing I've missed, but now at a loss...

Browser returns the following in Chrome (Firefox the same):

NET::ERR_CERT_AUTHORITY_INVALID
Subject: mkcert development certificate

Issuer: mkcert root@aardvarkyweb

Expires on: 24 Apr 2023

Current date: 24 Jan 2021

PEM encoded chain:
Originally created by @sguilliard on GitHub (Jan 24, 2021). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/334 Been following the directions to install on Raspberry Pi 4b here: [https://kifarunix.com/how-to-create-self-signed-ssl-certificate-with-mkcert-on-ubuntu-18-04/](https://kifarunix.com/how-to-create-self-signed-ssl-certificate-with-mkcert-on-ubuntu-18-04/) (using the latest releases - tried both [mkcert-v1.4.3-linux-arm64](https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-arm64) wouldn't execute, but the 32-bit version executed ok: [mkcert-v1.4.3-linux-arm](https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-arm) mkcert appears to be installed ok, but the CA isn't being accepted by the Chromium browser on the local machine (should this also work for other machine accessing from the LAN?). Trying to find more details directions to see if there's soemthing I've missed, but now at a loss... Browser returns the following in Chrome (Firefox the same): ``` NET::ERR_CERT_AUTHORITY_INVALID Subject: mkcert development certificate Issuer: mkcert root@aardvarkyweb Expires on: 24 Apr 2023 Current date: 24 Jan 2021 PEM encoded chain: ```
kerem closed this issue 2026-02-25 22:32:52 +03:00
kerem commented 2026-02-25 22:32:53 +03:00
Author
Owner
Copy link

@FiloSottile commented on GitHub (Jan 24, 2021):

mkcert needs to be installed on the machine from which you access the site. If you install it on a Raspberry Pi, you then need to follow there instructions to copy its CA to your computer and install it.

https://github.com/FiloSottile/mkcert#installing-the-ca-on-other-systems

<!-- gh-comment-id:766368674 --> @FiloSottile commented on GitHub (Jan 24, 2021): mkcert needs to be installed on the machine from which you access the site. If you install it on a Raspberry Pi, you then need to follow there instructions to copy its CA to your computer and install it. https://github.com/FiloSottile/mkcert#installing-the-ca-on-other-systems
kerem commented 2026-02-25 22:32:53 +03:00
Author
Owner
Copy link

@sguilliard commented on GitHub (Jan 24, 2021):

The error is from the local machine (the same machine that mkcert is installed on)

<!-- gh-comment-id:766392806 --> @sguilliard commented on GitHub (Jan 24, 2021): The error is from the local machine (the same machine that mkcert is installed on)
kerem commented 2026-02-25 22:32:53 +03:00
Author
Owner
Copy link

@sguilliard commented on GitHub (Jan 24, 2021):

I think I've solved the problem. Install should not be done from the root on a raspberry pi (do not use SUDO), and neither should the cert generation. Is this a thing just on the RPi? Anyway, all working now...

<!-- gh-comment-id:766407265 --> @sguilliard commented on GitHub (Jan 24, 2021): I think I've solved the problem. Install should not be done from the root on a raspberry pi (do not use SUDO), and neither should the cert generation. Is this a thing just on the RPi? Anyway, all working now...
kerem commented 2026-02-25 22:32:53 +03:00
Author
Owner
Copy link

@FiloSottile commented on GitHub (Jan 24, 2021):

Glad you got it working. mkcert will generate a different CA for every user you run it as, so root will have a different CA.

<!-- gh-comment-id:766421159 --> @FiloSottile commented on GitHub (Jan 24, 2021): Glad you got it working. mkcert will generate a different CA for every user you run it as, so root will have a different CA.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.1
v1.0.0
v0.9.1
v0.9.0
Labels
Clear labels   
TLS stack issue

   
Windows

   
bug

   
duplicate

   
duplicate

   
enhancement

   
help wanted

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
root store

   
waiting for info
No labels
TLS stack issue
Windows
bug
duplicate
duplicate
enhancement
help wanted
help wanted
pull-request
question
question
root store
waiting for info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/mkcert#215
No description provided.