kerem commented

Owner

Originally created by @ivangretsky on GitHub (Sep 6, 2018).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/73

Good day!

This project is something I've been dreaming to happen for a long time. And now it is ready for Windows so a dream comes true) Thanks for this!

I did try to install and make it work, but could not cope and do not know what to do next.

What I did:

Downloaded mkcert-v1.1.2-windows-amd64.exe from here.
Moved the file to a folder in Windows path and renamed it to mkcert.exe so it could be called from cmd with just mkcert.
In cmd ran mkcert -install. There was a popup to confirm adding local CA to trusted system store (or something like that). I agreed. There was all the expected messages in the cmd. Two files were added to C:\Users\ХХХ\AppData\Local\mkcert\: rootCA.pem and rootCA-key.pem.
Ran mkcert test.xyz. Two files were added to C:\Users\XXX\: test.xyz.pem and test.xyz-key.pem (is it the right place to add them???)
Launched a local dev server with the test.xyz configured to be served both on http and https.
Opened Chrome (Firefox is said to be not supported). Entered https://test.xyz in the address bar.
Got an ERR_SSL_SERVER_CERT_BAD_FORMAT error.

What did i do wrong? How can I debug?

Originally created by @ivangretsky on GitHub (Sep 6, 2018). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/73 Good day! This project is something I've been dreaming to happen for a long time. And now it is ready for Windows so a dream comes true) Thanks for this! I did try to install and make it work, but could not cope and do not know what to do next. What I did: 1. Downloaded **mkcert-v1.1.2-windows-amd64.exe** from [here](https://github.com/FiloSottile/mkcert/releases/tag/v1.1.2). 2. Moved the file to a folder in Windows path and renamed it to mkcert.exe so it could be called from **cmd** with just `mkcert`. 3. In **cmd** ran `mkcert -install`. There was a popup to confirm adding local CA to trusted system store (or something like that). I agreed. There was all the expected messages in the **cmd**. Two files were added to `C:\Users\ХХХ\AppData\Local\mkcert\`: **rootCA.pem** and **rootCA-key.pem**. 4. Ran `mkcert test.xyz`. Two files were added to `C:\Users\XXX\`: **test.xyz.pem** and **test.xyz-key.pem** (is it the right place to add them???) 5. Launched a local dev server with the **test.xyz** configured to be served both on http and https. 6. Opened Chrome (Firefox is said to be not supported). Entered **https://test.xyz** in the address bar. 7. Got an `ERR_SSL_SERVER_CERT_BAD_FORMAT` error. What did i do wrong? How can I debug?

kerem

2026-02-25 22:32:26 +03:00

closed this issue
added the
question
label

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@xyzdata commented on GitHub (Sep 14, 2018):

docs for windows is wanted.

@xyzdata commented on GitHub (Sep 14, 2018): # docs for windows is wanted.

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@xgqfrms commented on GitHub (Sep 14, 2018):

what's wrong with this ?

C:\Users\xxx\AppData\Local\mkcert

@xgqfrms commented on GitHub (Sep 14, 2018): # what's wrong with this ? > C:\Users\xxx\AppData\Local\mkcert ![image](https://user-images.githubusercontent.com/7291672/45550969-0def7180-b85f-11e8-8b0d-5d58015762f7.png)

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@ivangretsky commented on GitHub (Sep 14, 2018):

@xgqfrms, see 1 and 2 in my original post. Real problems start later)

@ivangretsky commented on GitHub (Sep 14, 2018): @xgqfrms, see 1 and 2 in my original post. Real problems start later)

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@xgqfrms commented on GitHub (Sep 14, 2018):

@ivangretsky

solution

remame .exe & cd to the right path

but the * is not work, why?

@xgqfrms commented on GitHub (Sep 14, 2018): @ivangretsky # solution > remame `.exe` & cd to the right `path` ![image](https://user-images.githubusercontent.com/7291672/45552246-e4384980-b862-11e8-9544-48e3f32f1aef.png) # but the * is not work, why?

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@xgqfrms commented on GitHub (Sep 14, 2018):

OK

https & express sever

const https = require('https');
const express = require('express');
const fs = require('fs');

// const fs = require('fs');

// OpenSSL
// const privateKey = fs.readFileSync('./https-ssl/server.key');
// const certificate = fs.readFileSync('./https-ssl/server.crt');

// pem
const privateKey = fs.readFileSync('./ssl/webgeeker.xyz+3-key.pem');
const certificate = fs.readFileSync('./ssl/webgeeker.xyz+3.pem');

const credentials = {
    key: privateKey,
    cert: certificate,
};

const app = express();
// const app = express.createServer(credentials);
// https://localhost:8888

https.createServer(credentials, app).listen(8888);

app.get('/', function (req, res) {
    console.log('req =', req);
    res.header('Content-type', 'text/html');
    return res.end('<h1>Hello, HTTPS!</h1>');
});

@xgqfrms commented on GitHub (Sep 14, 2018): ![image](https://user-images.githubusercontent.com/7291672/45554816-d0dcac80-b869-11e8-99a6-53467e43f354.png) # OK > https & express sever ```js const https = require('https'); const express = require('express'); const fs = require('fs'); // const fs = require('fs'); // OpenSSL // const privateKey = fs.readFileSync('./https-ssl/server.key'); // const certificate = fs.readFileSync('./https-ssl/server.crt'); // pem const privateKey = fs.readFileSync('./ssl/webgeeker.xyz+3-key.pem'); const certificate = fs.readFileSync('./ssl/webgeeker.xyz+3.pem'); const credentials = { key: privateKey, cert: certificate, }; const app = express(); // const app = express.createServer(credentials); // https://localhost:8888 https.createServer(credentials, app).listen(8888); app.get('/', function (req, res) { console.log('req =', req); res.header('Content-type', 'text/html'); return res.end('<h1>Hello, HTTPS!</h1>'); }); ```

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@adamdecaf commented on GitHub (Oct 23, 2018):

Was this problem solved?

@adamdecaf commented on GitHub (Oct 23, 2018): Was this problem solved?

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@ivangretsky commented on GitHub (Oct 23, 2018):

Nope

@ivangretsky commented on GitHub (Oct 23, 2018): Nope

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@adamdecaf commented on GitHub (Oct 23, 2018):

What problem are you having? It looks like someone posted a nodejs server. Is your problem related to the certificate in Window's store or your application?

@adamdecaf commented on GitHub (Oct 23, 2018): What problem are you having? It looks like someone posted a nodejs server. Is your problem related to the certificate in Window's store or your application?

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@ivangretsky commented on GitHub (Oct 24, 2018):

I tried my best to describe my issue in the original post. Do I need to add something?

@ivangretsky commented on GitHub (Oct 24, 2018): I tried my best to describe my issue in the original post. Do I need to add something?

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@adamdecaf commented on GitHub (Oct 24, 2018):

Does the dev server report errors about the certificate files? Can you share the logs and code for the server?

@adamdecaf commented on GitHub (Oct 24, 2018): Does the dev server report errors about the certificate files? Can you share the logs and code for the server?

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@aweber1 commented on GitHub (Oct 24, 2018):

@ivangretsky you mentioned:

Launched a local dev server with the test.xyz configured to be served both on http and https.

It's unclear what type of server you're trying to use the certificate with. That will have an impact on both how you generate and how the certificate is used.

That said, if you're using IIS, check out this blog post (shameless plug):
https://medium.com/@aweber01/locally-trusted-development-certificates-with-mkcert-and-iis-e09410d92031

@aweber1 commented on GitHub (Oct 24, 2018): @ivangretsky you mentioned: > 5. Launched a local dev server with the test.xyz configured to be served both on http and https. It's unclear what type of server you're trying to use the certificate with. That will have an impact on both how you generate and how the certificate is used. That said, if you're using IIS, check out this blog post (shameless plug): https://medium.com/@aweber01/locally-trusted-development-certificates-with-mkcert-and-iis-e09410d92031

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@ivangretsky commented on GitHub (Oct 25, 2018):

I am using xampp portable with apache web server.

Was just writing a long post about how nothing works, checking one step after another, and realized that I did not tell apache to use the certificates issued. I changed virtual host config for a site as shown below, and it started working!

<VirtualHost *:443>
    DocumentRoot "D:/xampp/htdocs/test.xyz"
    ServerName test.xyz
    ServerAlias *.test.xyz
	
    SSLEngine on	
    SSLCertificateFile "c:\Users\XXX\test.xyz.pem"
    SSLCertificateKeyFile "c:\Users\XXX\test.xyz-key.pem"
</VirtualHost>

It is in xampp\apache\conf\extra\httpd-vhosts.conf in my case for xampp.

Thanks @adamdecaf and @aweber1!

Wildcard for 2nd level domains don't work in Chrome though.

@ivangretsky commented on GitHub (Oct 25, 2018): I am using xampp portable with apache web server. Was just writing a long post about how nothing works, checking one step after another, and realized that I did not tell apache to use the certificates issued. I changed virtual host config for a site as shown below, and it started working! ``` <VirtualHost *:443> DocumentRoot "D:/xampp/htdocs/test.xyz" ServerName test.xyz ServerAlias *.test.xyz SSLEngine on SSLCertificateFile "c:\Users\XXX\test.xyz.pem" SSLCertificateKeyFile "c:\Users\XXX\test.xyz-key.pem" </VirtualHost> ``` It is in `xampp\apache\conf\extra\httpd-vhosts.conf` in my case for xampp. Thanks @adamdecaf and @aweber1! Wildcard for 2nd level domains don't work in Chrome though.

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@Tonzitos commented on GitHub (Feb 27, 2021):

I am not sure if my problem is related

@Tonzitos commented on GitHub (Feb 27, 2021): ![image](https://user-images.githubusercontent.com/36457967/109394988-dd61fc00-7921-11eb-992a-71d9572d6100.png) I am not sure if my problem is related

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@mohamedmmc commented on GitHub (Mar 24, 2021):

I am not sure if my problem is related

i'm dealing with the same issue

@mohamedmmc commented on GitHub (Mar 24, 2021): > ![image](https://user-images.githubusercontent.com/36457967/109394988-dd61fc00-7921-11eb-992a-71d9572d6100.png) > > I am not sure if my problem is related i'm dealing with the same issue

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@Marchiuzzz commented on GitHub (Mar 31, 2021):

Having the exactly same issue

@Marchiuzzz commented on GitHub (Mar 31, 2021): Having the exactly same issue

kerem commented

2026-02-25 22:32:27 +03:00

Author

Owner

@DaggieBlanqx commented on GitHub (Oct 26, 2021):

OK

https & express sever

const https = require('https');
const express = require('express');
const fs = require('fs');

// const fs = require('fs');

// OpenSSL
// const privateKey = fs.readFileSync('./https-ssl/server.key');
// const certificate = fs.readFileSync('./https-ssl/server.crt');

// pem
const privateKey = fs.readFileSync('./ssl/webgeeker.xyz+3-key.pem');
const certificate = fs.readFileSync('./ssl/webgeeker.xyz+3.pem');

const credentials = {
    key: privateKey,
    cert: certificate,
};

const app = express();
// const app = express.createServer(credentials);
// https://localhost:8888

https.createServer(credentials, app).listen(8888);

app.get('/', function (req, res) {
    console.log('req =', req);
    res.header('Content-type', 'text/html');
    return res.end('<h1>Hello, HTTPS!</h1>');
});

Works absolutely great for me!

@DaggieBlanqx commented on GitHub (Oct 26, 2021): > ![image](https://user-images.githubusercontent.com/7291672/45554816-d0dcac80-b869-11e8-99a6-53467e43f354.png) > > # OK > > https & express sever > > ```js > const https = require('https'); > const express = require('express'); > const fs = require('fs'); > > // const fs = require('fs'); > > // OpenSSL > // const privateKey = fs.readFileSync('./https-ssl/server.key'); > // const certificate = fs.readFileSync('./https-ssl/server.crt'); > > // pem > const privateKey = fs.readFileSync('./ssl/webgeeker.xyz+3-key.pem'); > const certificate = fs.readFileSync('./ssl/webgeeker.xyz+3.pem'); > > const credentials = { > key: privateKey, > cert: certificate, > }; > > const app = express(); > // const app = express.createServer(credentials); > // https://localhost:8888 > > https.createServer(credentials, app).listen(8888); > > app.get('/', function (req, res) { > console.log('req =', req); > res.header('Content-type', 'text/html'); > return res.end('<h1>Hello, HTTPS!</h1>'); > }); > ``` Works absolutely great for me!

Rows
Columns

[GH-ISSUE #73] How to use on Windows #39

docs for windows is wanted.

what's wrong with this ?

solution

but the * is not work, why?

OK

OK