starred/mkcert

Fork 0

mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 13:36:02 +03:00

[GH-ISSUE #67] Unclear how to use it (need help please) #35

New issue

Closed

opened 2026-02-25 22:32:26 +03:00 by kerem · 5 comments

kerem commented

2026-02-25 22:32:26 +03:00

Owner

Originally created by @bogdan-h on GitHub (Aug 23, 2018).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/67

I'm not an expert in this matter, but I really need help as I exhausted all the resources I had available (SO mostly).
So, what I need is to be capable to communicate over "https" with a local OWIN server (hosted inside a console application). Until now what I was doing was to generate a self-signed-certificate (from Windows), add it to the windows certificate store and then register it to the localhost for a specific port as follows :

netsh http add urlacl url=https://localhost:1234/ user=Everyone
netsh http add sslcert ipport=0.0.0.0:1234 certhash= appid={generate-guid}

This doesn't work properly and I will receive an 'ugly' : "Not Secure" mark form chrome browser.
What I tried to do with your application was to generate a certificate (in either .pem or .p12 format) , import it in the 'Local Computer->Trusted root' certificates store and then try to use it in the manner described above - where the <cert-thumb...> will be the thumbprint of the "mkcert" generated certificate.
I was not able to get to any successful result as I will always received:

"SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated. "

Can you please give me a couple of pointers on how to use your application in Windows in order to get a proper local-certificate ?
Btw - after executing "mkcert -install" I will receive :

D:_Projects\localhost-certificate>mkcert -install
Using the local CA at "C:\Users\bogdan\AppData\Local\mkcert" ✨
Note: Firefox support is not available on your platform.

What is different from this message and the one that you are presenting is the mention that :
The local CA is now installed in the system trust store! - which I don't have in my case.

Thank you in advance.

Originally created by @bogdan-h on GitHub (Aug 23, 2018). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/67 I'm not an expert in this matter, but I **really** need help as I exhausted all the resources I had available (SO mostly). So, what I need is to be capable to communicate over "https" with a local OWIN server (hosted inside a console application). Until now what I was doing was to generate a self-signed-certificate (from Windows), add it to the windows certificate store and then register it to the localhost for a specific port as follows : _netsh http add urlacl url=https://localhost:1234/ user=Everyone netsh http add sslcert ipport=0.0.0.0:1234 certhash=<cert-thumbprint-from-certificate-store> appid={generate-guid}_ This doesn't work properly and I will receive an 'ugly' : "**Not Secure**" mark form chrome browser. What I tried to do with your application was to generate a certificate (in either .pem or .p12 format) , import it in the 'Local Computer->Trusted root' certificates store and then try to use it in the manner described above - where the <cert-thumb...> will be the thumbprint of the "**mkcert**" generated certificate. I was not able to get to any successful result as I will always received: _"SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated. "_ Can you please give me a couple of pointers on how to use your application in Windows in order to get a proper local-certificate ? Btw - after executing "mkcert -install" I will receive : _D:\_Projects\localhost-certificate>mkcert -install Using the local CA at "C:\Users\bogdan\AppData\Local\mkcert" ✨ Note: Firefox support is not available on your platform._ What is different from this message and the one that you are presenting is the mention that : _The local CA is now installed in the system trust store!_ - which I don't have in my case. Thank you in advance.

kerem

2026-02-25 22:32:26 +03:00

closed this issue
added the
question
label

kerem commented

2026-02-25 22:32:26 +03:00

Author

Owner

@nickkaczmarek commented on GitHub (Aug 23, 2018):

Have you tried putting it in the Personal/Certificates location in the .p12 format? Also, are you using IIS as your webserver?

I believe the firefox error is because it's not yet supported for mkcert in Windows. At least not currently.

@nickkaczmarek commented on GitHub (Aug 23, 2018): Have you tried putting it in the Personal/Certificates location in the .p12 format? Also, are you using IIS as your webserver? I believe the firefox error is because it's not yet supported for mkcert in Windows. At least not currently.

kerem commented

2026-02-25 22:32:26 +03:00

Author

Owner

@bogdan-h commented on GitHub (Aug 23, 2018):

Hi Nick,

No, actually I did not try to place it on the Personal Certificates stores (from the Local Machine) and I'll try that asap.
Now regarding the IIS - as I was mentioning I'm not connecting to IIS but to an OWIN web server hosted in a console application. Think about it as a web server under the NodeJS framework :

var http = require('http');

//create a server object:
http.createServer(function (req, res) {
  res.write('Hello World!'); //write a response to the client
  res.end(); //end the response
}).listen(8080); //the server object listens on port 8080 
// this locally created web server will listen on the localhost on port 8080 :
// the call to http://localhost:8080  will respond with 'Hello World!'

Also my note referring to the message after executing mkcert -install was that I did not received the 'The local CA is now installed in the system trust store!' message which I was expecting.

Long story short I'm not able to get to the localhost and get something like that (and how/what I need to do in order to get it) :

@bogdan-h commented on GitHub (Aug 23, 2018): Hi Nick, No, actually I did not try to place it on the Personal Certificates stores (from the Local Machine) and I'll try that asap. Now regarding the IIS - as I was mentioning I'm not connecting to IIS but to an [OWIN](http://owin.org/#about) web server hosted in a console application. Think about it as a web server under the NodeJS framework : ````js var http = require('http'); //create a server object: http.createServer(function (req, res) { res.write('Hello World!'); //write a response to the client res.end(); //end the response }).listen(8080); //the server object listens on port 8080 // this locally created web server will listen on the localhost on port 8080 : // the call to http://localhost:8080 will respond with 'Hello World!' ```` Also my note referring to the message after executing _mkcert -install_ was that I did not received the '**The local CA is now installed in the system trust store!**' message which I was expecting. Long story short I'm not able to get to the localhost and get something like that (and how/what I need to do in order to get it) : ![https-localhost](https://user-images.githubusercontent.com/1225294/41887838-7acd55ca-78d0-11e8-8a81-139a54faaf87.png)

kerem commented

2026-02-25 22:32:26 +03:00

Author

Owner

@treadpit commented on GitHub (Sep 12, 2018):

I am a newbie, and performed the following operations:

$ mkcert -install
Created a new local CA at "/Users/treadpit/Library/Application Support/mkcert" 💥
Password:
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in Java's trust store! ☕️

$ mkcert localhost 127.0.0.1 ::1
Using the local CA at "/Users/treadpit/Library/Application Support/mkcert" ✨
Created a new certificate valid for the following names 📜
 - "localhost"
 - "127.0.0.1"
 - "::1"

The certificate is at "./localhost+2.pem" and the key at "./localhost+2-key.pem" ✅

everything is ok, but When I start the service of port 8080，in browser：

http

and https

What is missing?

@treadpit commented on GitHub (Sep 12, 2018): I am a newbie, and performed the following operations: ``` $ mkcert -install Created a new local CA at "/Users/treadpit/Library/Application Support/mkcert" 💥 Password: The local CA is now installed in the system trust store! ⚡️ The local CA is now installed in Java's trust store! ☕️ $ mkcert localhost 127.0.0.1 ::1 Using the local CA at "/Users/treadpit/Library/Application Support/mkcert" ✨ Created a new certificate valid for the following names 📜 - "localhost" - "127.0.0.1" - "::1" The certificate is at "./localhost+2.pem" and the key at "./localhost+2-key.pem" ✅ ``` everything is ok, but When I start the service of port 8080，in browser： **`http`** ![image](https://user-images.githubusercontent.com/10692855/45399993-dde87880-b67c-11e8-99c3-3ea57836975f.png) and **`https`** ![image](https://user-images.githubusercontent.com/10692855/45400023-fd7fa100-b67c-11e8-9ccc-2c3c270ccae1.png) What is missing?

kerem commented

2026-02-25 22:32:26 +03:00

Author

Owner

@adamdecaf commented on GitHub (Sep 12, 2018):

What service is running on localhost:8080? Can it handle tls?

@adamdecaf commented on GitHub (Sep 12, 2018): What service is running on localhost:8080? Can it handle tls?

kerem commented

2026-02-25 22:32:26 +03:00

Author

Owner

@treadpit commented on GitHub (Oct 29, 2018):

@adamdecaf I'm sorry, this problem caused by my nginx config, thanks for your help.

@treadpit commented on GitHub (Oct 29, 2018): @adamdecaf I'm sorry, this problem caused by my nginx config, thanks for your help.