starred/mkcert

Fork 0

mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00

[GH-ISSUE #450] Invalid CA in arch linux #289

New issue

Open

opened 2026-02-25 22:33:02 +03:00 by kerem · 5 comments

kerem commented

2026-02-25 22:33:02 +03:00

Owner

Originally created by @lemonnuggets on GitHub (Jun 6, 2022).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/450

Environment

Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux
mkcert version (from mkcert -version): (devel)
Server (where the certificate is loaded): webpack-dev-server
Client (e.g. browser, CLI tool, or script):
- Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit)
- Google Chrome 102.0.5005.61 (Official Build) (64-bit)
- Firefox 101.0

What you did

Ran mkcert -install and mkcert localhost as instructed to generate valid certificate.

Verified that certificate authority was added to all browsers.

Brave

Chrome

Firefox

Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates.

HTTPS=true
SSL_CERT_FILE=.cert/localhost.pem
SSL_KEY_FILE=.cert/localhost-key.pem

What went wrong

NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox

Originally created by @lemonnuggets on GitHub (Jun 6, 2022). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/450 ## Environment * Operating system (including version): `Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux` * mkcert version (from `mkcert -version`): `(devel)` * Server (where the certificate is loaded): webpack-dev-server * Client (e.g. browser, CLI tool, or script): * Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit) * Google Chrome 102.0.5005.61 (Official Build) (64-bit) * Firefox 101.0 ## What you did Ran `mkcert -install` and `mkcert localhost` as instructed to generate valid certificate. ![image](https://user-images.githubusercontent.com/63046776/172155302-ed698281-d5e3-4ec1-84ff-b883f28c18fc.png) Verified that certificate authority was added to all browsers. Brave ![image](https://user-images.githubusercontent.com/63046776/172156248-c4157a4c-05a0-484b-b1d7-f784b3ee8f70.png) Chrome ![image](https://user-images.githubusercontent.com/63046776/172156337-3573f2e1-3811-4955-8124-f3545fd4216f.png) Firefox ![image](https://user-images.githubusercontent.com/63046776/172156556-82c5447d-15f9-49a8-8340-21a640c145f2.png) Added the following lines to my `.env` file within my create-react-app project to make the dev server aware of the certificates. ``` HTTPS=true SSL_CERT_FILE=.cert/localhost.pem SSL_KEY_FILE=.cert/localhost-key.pem ``` ## What went wrong `NET::ERR_CERT_AUTHORITY_INVALID` in brave and chrome ![image](https://user-images.githubusercontent.com/63046776/172156724-f2e65f55-e30a-435a-83be-0b5d6c247cde.png) ![image](https://user-images.githubusercontent.com/63046776/172156767-9c86a509-bebd-4606-acf5-1045a490198d.png) `MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT` in firefox ![image](https://user-images.githubusercontent.com/63046776/172156841-0d24c822-7faf-4f39-a6b6-ea31e7dae852.png)

kerem commented

2026-02-25 22:33:02 +03:00

Author

Owner

@FiloSottile commented on GitHub (Jun 6, 2022):

The server did not load the mkcert certificate for some reason. You can see the reported Issuer is “localhost” while mkcert certificates all have an Issuer that starts with “mkcert”

Sent from a small keyboard

On Jun 6, 2022, at 14:07, Adam Jijo @.***> wrote:

Environment

Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux
mkcert version (from mkcert -version): (devel)
Server (where the certificate is loaded): webpack-dev-server
Client (e.g. browser, CLI tool, or script):
Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit)
Google Chrome 102.0.5005.61 (Official Build) (64-bit)
Firefox 101.0
What you did

Ran mkcert -install and mkcert localhost as instructed to generate valid certificate.

Verified that certificate authority was added to all browsers.

Brave

Chrome

Firefox

Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates.

HTTPS=true
SSL_CERT_FILE=.cert/localhost.pem
SSL_KEY_FILE=.cert/localhost-key.pem
What went wrong

NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.

@FiloSottile commented on GitHub (Jun 6, 2022): The server did not load the mkcert certificate for some reason. You can see the reported Issuer is “localhost” while mkcert certificates all have an Issuer that starts with “mkcert” Sent from a small keyboard > On Jun 6, 2022, at 14:07, Adam Jijo ***@***.***> wrote: > > > Environment > > Operating system (including version): Linux archlinux 5.18.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 30 May 2022 17:53:11 +0000 x86_64 GNU/Linux > mkcert version (from mkcert -version): (devel) > Server (where the certificate is loaded): webpack-dev-server > Client (e.g. browser, CLI tool, or script): > Brave 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit) > Google Chrome 102.0.5005.61 (Official Build) (64-bit) > Firefox 101.0 > What you did > > Ran mkcert -install and mkcert localhost as instructed to generate valid certificate. > > > Verified that certificate authority was added to all browsers. > > Brave > > > Chrome > > > Firefox > > > Added the following lines to my .env file within my create-react-app project to make the dev server aware of the certificates. > > HTTPS=true > SSL_CERT_FILE=.cert/localhost.pem > SSL_KEY_FILE=.cert/localhost-key.pem > What went wrong > > NET::ERR_CERT_AUTHORITY_INVALID in brave and chrome > > > > MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT in firefox > > > — > Reply to this email directly, view it on GitHub, or unsubscribe. > You are receiving this because you are subscribed to this thread.

kerem commented

2026-02-25 22:33:02 +03:00

Author

Owner

@Cloufish commented on GitHub (Apr 8, 2023):

@FiloSottile

I have the same issue, but I think I've used correct commands:

mkcert -key-file server-key.pem -cert-file server-cert.pem "home" "*.home"

mkcert --install

And I still get not trusted certificate:

@Cloufish commented on GitHub (Apr 8, 2023): @FiloSottile I have the same issue, but I think I've used correct commands: ```bash mkcert -key-file server-key.pem -cert-file server-cert.pem "home" "*.home" ``` ![image](https://user-images.githubusercontent.com/32965886/230712575-3d10e692-8480-47d7-8fc2-b11209799095.png) ``` mkcert --install ``` ![image](https://user-images.githubusercontent.com/32965886/230712600-7ac1d08f-269a-4c6a-b653-6591ddb0f43c.png) And I still get not trusted certificate: ![image](https://user-images.githubusercontent.com/32965886/230712845-54f7a689-ffc7-441d-b548-2db38743daf5.png) ![image](https://user-images.githubusercontent.com/32965886/230712674-e710602d-7f36-4b2b-a147-579a3a679539.png) ![image](https://user-images.githubusercontent.com/32965886/230712744-ed054f8a-3c67-468a-ae5e-f5f03c4e4fbd.png)

kerem commented

2026-02-25 22:33:02 +03:00

Author

Owner

@66RING commented on GitHub (Dec 4, 2023):

same issue and issuer starts with “mkcert”

@66RING commented on GitHub (Dec 4, 2023): same issue and issuer starts with “mkcert” ![image](https://github.com/FiloSottile/mkcert/assets/49358576/f5469fa1-8431-4814-8202-41bb62082962) ![image](https://github.com/FiloSottile/mkcert/assets/49358576/5eaae16b-0c25-4aa2-a04b-c1f4ce7d5295)

kerem commented

2026-02-25 22:33:02 +03:00

Author

Owner

@nakashu commented on GitHub (Dec 4, 2023):

I guess I had a similar issue. Spend few hours debugging it.

It seems the problem is with Brave Browser.
My assumption is the store/location for CA is in different location for Brave than mkcert uses, for other browsers.
Eg. mkcert doesn't support it yet.

What I did to get to this conclusion

install Chromium
check if site/cert is loaded properly. (for me it was ok)
check in Brave -> doesn't work
compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities
For me chromium had mkcert authority, Brave didnt'
Add the auhtority manualy to Brave - test if it work -> yes.

Maybe it will help someone.

@nakashu commented on GitHub (Dec 4, 2023): I guess I had a similar issue. Spend few hours debugging it. It seems the problem is with Brave Browser. My assumption is the store/location for CA is in different location for Brave than `mkcert` uses, for other browsers. Eg. mkcert doesn't support it yet. What I did to get to this conclusion - install Chromium - check if site/cert is loaded properly. (for me it was ok) - check in Brave -> doesn't work - compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities - For me chromium had mkcert authority, Brave didnt' - Add the auhtority manualy to Brave - test if it work -> yes. Maybe it will help someone.

kerem commented

2026-02-25 22:33:02 +03:00

Author

Owner

@tikumo commented on GitHub (Jun 30, 2024):

compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities

My problem was fixed by clicking on the 3 dots for extra options and then trusting the cert.

@tikumo commented on GitHub (Jun 30, 2024): > * compare Chromium vs Brave authorities - setting -> privacy -> manage certificates -> authorities My problem was fixed by clicking on the 3 dots for extra options and then trusting the cert. ![Screenshot from 2024-06-30 22-30-59](https://github.com/FiloSottile/mkcert/assets/559615/cc01abe2-d94f-43d0-989d-02caee053e59)