[PR #453] Fix access is denied issue when install on Windows #468

Open
opened 2026-02-25 22:33:35 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/FiloSottile/mkcert/pull/453
Author: @Tanimodori
Created: 6/20/2022
Status: 🔄 Open

Base: master ← Head: master


📝 Commits (1)

  • be58ee8 Fix access is denied issue when install on Windows

📊 Changes

1 file changed (+11 additions, -2 deletions)

View changed files

📝 truststore_windows.go (+11 -2)

📄 Description

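This commit fixes the -install option resulting in ERROR: add cert: failed adding cert: Access is denied even on a privileged Windows command prompt.

How does it work

The fix calls CertOpenStore (https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore) instead of the CertOpenSystemStoreW (https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopensystemstorew) Win32 API for adding certs. The constants are extracted from here: https://referencesource.microsoft.com/#System/security/system/security/cryptography/cryptoapi.cs. Thanks 池边树下 for providing the solution at StackOverflow (https://stackoverflow.com/a/69308447).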

The story

I was using vite-plugin-mkcert (https://github.com/liuweiGL/vite-plugin-mkcert), which is a wrapper of mkcert for providing a self-assigned CA for SSL purposes in a frontend project. The yarn serve command resulted in the following mkcert error:

PS $Env:DEBUG="vite:plugin:mkcert"
PS yarn serve
yarn run v1.22.11
$ npm run dev

> vben-admin@2.8.0 dev
> vite

  vite:plugin:mkcert The hosts changed from [undefined] to [localhost,<out_ip>,127.0.0.1], start regenerate certificate +0ms

 ERROR  error when starting dev server:                                                                                                                                                                                         14:25:28
Error: Command failed: "C:\Users\<user>\.vite-plugin-mkcert\mkcert.exe" -install -key-file "C:\Users\<user>\.vite-plugin-mkcert\certs\dev.key" -cert-file "C:\Users\<user>\.vite-plugin-mkcert\certs\dev.pem" localhost <out_ip> 127.0.0.1
ERROR: add cert: failed adding cert: Access is denied.

    at ChildProcess.exithandler (node:child_process:397:12)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Socket.<anonymous> (node:internal/child_process:450:11)
    at Socket.emit (node:events:390:28)
    at Pipe.<anonymous> (node:net:687:12)

I found that the -install option will cause this issue even on a privileged Windows command prompt, and there are already issues reported on that (#231, #395). So after searching for hours I've ported the solution here. Now the -install option will work on a privileged Windows command prompt.

PS .\mkcert.exe -install -key-file "C:\Users\<user>\.vite-plugin-mkcert\certs\dev.key" -cert-file "C:\Users\<user>\.vite-plugin-mkcert\certs\dev.pem" localhost <out_ip> 127.0.0.1
The local CA is already installed in the system trust store! 👍
The local CA is already installed in Java's trust store! 👍


Created a new certificate valid for the following names 📜
 - "localhost"
 - "<out_ip>"
 - "127.0.0.1"

The certificate is at "C:\Users\<user>\.vite-plugin-mkcert\certs\dev.pem" and the key at "C:\Users\<user>\.vite-plugin-mkcert\certs\dev.key" 

It will expire on 20 September 2024 🗓

Note

The mkcert.exe with the fix is flagged as Trojan:Win32/Wacatac.B!ml by Windows Defender.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
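
An added check, not part of the PR or of mkcert: CertOpenSystemStoreW only opens the current user's stores, while CertOpenStore takes the store location as a flag, so after running -install it is worth confirming which Root store actually trusts the CA. The function name `Get-MkcertRootCa` and the subject filter "mkcert development CA" (mkcert's default CA naming) are assumptions of this example.

```powershell
# Added example: list every trusted root that looks like an mkcert CA,
# per store location. Read-only; does not need an elevated prompt.
# Assumption: the CA subject contains "mkcert development CA".
function Get-MkcertRootCa {
    param(
        [string]$SubjectPattern = 'mkcert development CA',
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string[]]$Location = @('CurrentUser', 'LocalMachine')
    )
    foreach ($loc in $Location) {
        $path = "Cert:\$loc\Root"
        if (-not (Test-Path -Path $path)) { continue }
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like "*$SubjectPattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Location   = $loc
                    Thumbprint = $_.Thumbprint
                    Subject    = $_.Subject
                    NotAfter   = $_.NotAfter
                    Expired    = $_.NotAfter -lt (Get-Date)
                }
            }
    }
}

$found = @(Get-MkcertRootCa)
if ($found.Count -eq 0) {
    Write-Output 'No mkcert root CA is trusted in CurrentUser\Root or LocalMachine\Root.'
} else {
    # CurrentUser\Root is a logical view that also shows LocalMachine entries,
    # so a machine-wide CA is listed under both locations; a CA listed only
    # under CurrentUser is trusted for this account alone.
    $found | Format-Table Location, Thumbprint, NotAfter, Expired -AutoSize
    # A machine-wide entry is trusted for every account on the host, so flag it.
    $found | Where-Object { $_.Location -eq 'LocalMachine' } | ForEach-Object {
        Write-Warning "mkcert CA $($_.Thumbprint) is trusted machine-wide (LocalMachine\Root)."
    }
}
```

Comparing the thumbprint against the rootCA.pem in the directory printed by `mkcert -CAROOT` confirms the trusted entry is the CA whose key is on this machine.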
