[GH-ISSUE #422] Wrong SSL read in browsers #278

New issue

Closed

opened 2026-02-25 22:33:00 +03:00 by kerem · 0 comments

kerem commented 2026-02-25 22:33:00 +03:00

Owner

Copy link

Originally created by @damms005 on GitHub (Jan 19, 2022).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/422

Strangely, I've been unable to get generated SSLs to work on my new computer (works on previous one). While trying to debug this, I found that the expiry dates reported by browsers for the cert are wrong. I will use snapshots of Chrome to explain.

After running mkcert -install, I generated the cert with mkcert tims.local "*.tims.local" example.test localhost 127.0.0.1 ::1. Command output was good.

I configured apache to use it. Relevant site config lines are:

        SSLEngine on
        SSLCertificateKeyFile   /etc/ssl/certs/tims.local+5-key.pem
        SSLCertificateFile      /etc/ssl/certs/tims.local+5.pem

Restarted apache, restarted browsers. Error persists. Clicking on "Not secure" on Chrome address bar area, I get this:

I ran the cert creation code at

Jan 19 2022 at 07:51
on my local computer. ls /etc/ssl/certs/tims.local+5-key.pem also confirms that.

Where did Chrome get an Expires On value of:

Wednesday, 5 November 2031 at 02:15:54

My best guess is that somehow Chrome is holding on to some old, previously generated cert? I've tried clearing cache and all that, to no avail

Originally created by @damms005 on GitHub (Jan 19, 2022). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/422 Strangely, I've been unable to get generated SSLs to work on my new computer (works on previous one). While trying to debug this, I found that the expiry dates reported by browsers for the cert are wrong. I will use snapshots of Chrome to explain. After running `mkcert -install`, I generated the cert with `mkcert tims.local "*.tims.local" example.test localhost 127.0.0.1 ::1`. Command output was good. I configured apache to use it. Relevant site config lines are: ``` SSLEngine on SSLCertificateKeyFile /etc/ssl/certs/tims.local+5-key.pem SSLCertificateFile /etc/ssl/certs/tims.local+5.pem ```` Restarted apache, restarted browsers. Error persists. Clicking on "Not secure" on Chrome address bar area, I get this:  I ran the cert creation code at > Jan 19 2022 at 07:51 on my local computer. `ls /etc/ssl/certs/tims.local+5-key.pem` also confirms that. Where did Chrome get an `Expires On` value of: > Wednesday, 5 November 2031 at 02:15:54 My best guess is that somehow Chrome is holding on to some old, previously generated cert? I've tried clearing cache and all that, to no avail

kerem closed this issue 2026-02-25 22:33:00 +03:00

kerem referenced this issue 2026-02-25 22:33:29 +03:00

[PR #278] [CLOSED] Adds support to pass CA name #433

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.2.0

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.9.1

v0.9.0

Labels

Clear labels   

TLS stack issue

  

Windows

  

bug

  

duplicate

  

duplicate

  

enhancement

  

help wanted

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

  

root store

  

waiting for info

No labels

TLS stack issue

Windows

bug

duplicate

duplicate

enhancement

help wanted

help wanted

pull-request

question

question

root store

waiting for info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/mkcert#278

No description provided.