[GH-ISSUE #104] Windows10 Professional 64-bit can not install CA certificate #57

New issue

Open

opened 2026-02-25 22:32:29 +03:00 by kerem · 14 comments

kerem commented 2026-02-25 22:32:29 +03:00

Owner

Copy link

Originally created by @wickpwn on GitHub (Jan 8, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/104

C:\WINDOWS\system32>mkcert -install
Using the local CA at "C:\Users\pwn\AppData\Local\mkcert" ✨
ERROR: add cert: Failed adding cert: The access control list (ACL) structure is invalid.

I tried to search for google-related unsolvable (ACL) issues, but did not find a suitable solution.

Originally created by @wickpwn on GitHub (Jan 8, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/104 C:\WINDOWS\system32>mkcert -install Using the local CA at "C:\Users\pwn\AppData\Local\mkcert" ✨ ERROR: add cert: Failed adding cert: The access control list (ACL) structure is invalid. I tried to search for google-related unsolvable (ACL) issues, but did not find a suitable solution.

kerem added the

help wanted

Windows

labels 2026-02-25 22:32:29 +03:00

kerem commented 2026-02-25 22:32:29 +03:00

Author

Owner

Copy link

@modernist commented on GitHub (Jan 8, 2019):

+1. Running the tool with administrator privileges and setting the security permissions on the AppData\Local\mkcert folder does not help either.

<!-- gh-comment-id:452257351 --> @modernist commented on GitHub (Jan 8, 2019): +1. Running the tool with administrator privileges and setting the security permissions on the AppData\Local\mkcert folder does not help either.

kerem commented 2026-02-25 22:32:29 +03:00

Author

Owner

Copy link

@mdkozlowski commented on GitHub (Jan 8, 2019):

Same problem, both with binary built from source in Go 1.11.4 and on the pre-built binaries.

<!-- gh-comment-id:452319225 --> @mdkozlowski commented on GitHub (Jan 8, 2019): Same problem, both with binary built from source in Go 1.11.4 and on the pre-built binaries.

kerem commented 2026-02-25 22:32:29 +03:00

Author

Owner

Copy link

@adamdecaf commented on GitHub (Jan 8, 2019):

cc @cretz Do you have any ideas?

<!-- gh-comment-id:452352901 --> @adamdecaf commented on GitHub (Jan 8, 2019): cc @cretz Do you have any ideas?

kerem commented 2026-02-25 22:32:29 +03:00

Author

Owner

Copy link

@cretz commented on GitHub (Jan 8, 2019):

Hrmm, I haven't used the tool in a bit. I will investigate at some point this week. I wonder if a recent update caused this as I had used it with success many times on win 10 before.

<!-- gh-comment-id:452384967 --> @cretz commented on GitHub (Jan 8, 2019): Hrmm, I haven't used the tool in a bit. I will investigate at some point this week. I wonder if a recent update caused this as I had used it with success many times on win 10 before.

kerem commented 2026-02-25 22:32:29 +03:00

Author

Owner

Copy link

@cretz commented on GitHub (Jan 8, 2019):

I am having trouble replicating on win10 pro. It works fine for me. Y'all's error message appears to be from CertAddEncodedCertificateToStore and my research says it is due to some registry ACLs. I see a post with suggestions on resetting some ACLs to fix it, but I can definitely understand a fear of blindly trusting it.

If I must I can give a tiny bit of Go code or C++ code or whatever that y'all can pass to MS since this seems to be a Windows error.

<!-- gh-comment-id:452407101 --> @cretz commented on GitHub (Jan 8, 2019): I am having trouble replicating on win10 pro. It works fine for me. Y'all's error message appears to be from [CertAddEncodedCertificateToStore](https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-certaddencodedcertificatetostore) and my research says it is due to some registry ACLs. I see [a post](https://blogs.msdn.microsoft.com/astebner/2006/09/04/solving-setup-errors-by-using-the-subinacl-tool-to-repair-file-and-registry-permissions/) with suggestions on resetting some ACLs to fix it, but I can definitely understand a fear of blindly trusting it. If I must I can give a tiny bit of Go code or C++ code or whatever that y'all can pass to MS since this seems to be a Windows error.

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@cretz commented on GitHub (Jan 8, 2019):

If someone wants to try it since I cannot replicate, download SubInAcl, then run:

"c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates

Click to see my output to compare

=======================================================================================
+KeyReg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
=======================================================================================
/control=0xc00 SE_DACL_AUTO_INHERITED-0x0400 SE_SACL_AUTO_INHERITED-0x0800
/owner             =system
/primary group     =system
/audit ace count   =0
/perm. ace count   =13
/pace =cryptsvc         ACCESS_ALLOWED_ACE_TYPE-0x0
        INHERITED_ACE-0x10
    Type of access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x80000
/pace =cryptsvc         ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERIT_ONLY_ACE-0x8           OBJECT_INHERIT_ACE-0x1         INHERITED_ACE-0x10
    SubKey - Type of Access:
        Full Control
    Detailed Access Flags :

/pace =builtin\users    ACCESS_ALLOWED_ACE_TYPE-0x0
        INHERITED_ACE-0x10
    Type of access:
        Read
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
        READ_CONTROL-0x20000
/pace =builtin\users    ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERIT_ONLY_ACE-0x8           INHERITED_ACE-0x10
    SubKey - Type of Access:
        Special acccess : -Read
    Detailed Access Flags :
        GENERIC_READ-0x80000000
/pace =builtin\administrators   ACCESS_ALLOWED_ACE_TYPE-0x0
        INHERITED_ACE-0x10
    Type of access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x80000
/pace =builtin\administrators   ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERIT_ONLY_ACE-0x8           INHERITED_ACE-0x10
    SubKey - Type of Access:
        Full Control
    Detailed Access Flags :

/pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
        INHERITED_ACE-0x10
    Type of access:
        Full Control
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_SET_VALUE-0x2          KEY_CREATE_SUB_KEY-0x4
        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10            KEY_CREATE_LINK-0x20       DELETE-0x10000
        READ_CONTROL-0x20000       WRITE_DAC-0x40000          WRITE_OWNER-0x80000
/pace =system   ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERIT_ONLY_ACE-0x8           INHERITED_ACE-0x10
    SubKey - Type of Access:
        Full Control
    Detailed Access Flags :

/pace =creator owner    ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERIT_ONLY_ACE-0x8           INHERITED_ACE-0x10
    SubKey - Type of Access:
        Full Control
    Detailed Access Flags :

/pace =all application packages         ACCESS_ALLOWED_ACE_TYPE-0x0
        INHERITED_ACE-0x10
    Type of access:
        Read
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
        READ_CONTROL-0x20000
/pace =all application packages         ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERIT_ONLY_ACE-0x8           INHERITED_ACE-0x10
    SubKey - Type of Access:
        Special acccess : -Read
    Detailed Access Flags :
        GENERIC_READ-0x80000000
/pace =S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681     ACCESS_ALLOWED_ACE_TYPE-0x0
        INHERITED_ACE-0x10
    Type of access:
        Read
    Detailed Access Flags :
        KEY_QUERY_VALUE-0x1        KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10
        READ_CONTROL-0x20000
/pace =S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681     ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      INHERIT_ONLY_ACE-0x8           INHERITED_ACE-0x10
    SubKey - Type of Access:
        Special acccess : -Read
    Detailed Access Flags :
        GENERIC_READ-0x80000000


Elapsed Time: 00 00:00:00
Done:        1, Modified        0, Failed        0, Syntax errors        0
Last Done  : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates

That's just a guess, there are other registry keys that may be touched too. Based on that previous answer, if anyone having this problem is willing, please run the following and see if it fixes it:

"c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators

and

"c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators

<!-- gh-comment-id:452417736 --> @cretz commented on GitHub (Jan 8, 2019): If someone wants to try it since I cannot replicate, download [SubInAcl](https://www.microsoft.com/en-us/download/details.aspx?id=23510), then run: "c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates <details><summary>Click to see my output to compare</summary> <p> ======================================================================================= +KeyReg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates ======================================================================================= /control=0xc00 SE_DACL_AUTO_INHERITED-0x0400 SE_SACL_AUTO_INHERITED-0x0800 /owner =system /primary group =system /audit ace count =0 /perm. ace count =13 /pace =cryptsvc ACCESS_ALLOWED_ACE_TYPE-0x0 INHERITED_ACE-0x10 Type of access: Full Control Detailed Access Flags : KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY-0x4 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20 DELETE-0x10000 READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000 /pace =cryptsvc ACCESS_ALLOWED_ACE_TYPE-0x0 CONTAINER_INHERIT_ACE-0x2 INHERIT_ONLY_ACE-0x8 OBJECT_INHERIT_ACE-0x1 INHERITED_ACE-0x10 SubKey - Type of Access: Full Control Detailed Access Flags : /pace =builtin\users ACCESS_ALLOWED_ACE_TYPE-0x0 INHERITED_ACE-0x10 Type of access: Read Detailed Access Flags : KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 READ_CONTROL-0x20000 /pace =builtin\users ACCESS_ALLOWED_ACE_TYPE-0x0 CONTAINER_INHERIT_ACE-0x2 INHERIT_ONLY_ACE-0x8 INHERITED_ACE-0x10 SubKey - Type of Access: Special acccess : -Read Detailed Access Flags : GENERIC_READ-0x80000000 /pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0 INHERITED_ACE-0x10 Type of access: Full Control Detailed Access Flags : KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY-0x4 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20 DELETE-0x10000 READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000 /pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0 CONTAINER_INHERIT_ACE-0x2 INHERIT_ONLY_ACE-0x8 INHERITED_ACE-0x10 SubKey - Type of Access: Full Control Detailed Access Flags : /pace =system ACCESS_ALLOWED_ACE_TYPE-0x0 INHERITED_ACE-0x10 Type of access: Full Control Detailed Access Flags : KEY_QUERY_VALUE-0x1 KEY_SET_VALUE-0x2 KEY_CREATE_SUB_KEY-0x4 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 KEY_CREATE_LINK-0x20 DELETE-0x10000 READ_CONTROL-0x20000 WRITE_DAC-0x40000 WRITE_OWNER-0x80000 /pace =system ACCESS_ALLOWED_ACE_TYPE-0x0 CONTAINER_INHERIT_ACE-0x2 INHERIT_ONLY_ACE-0x8 INHERITED_ACE-0x10 SubKey - Type of Access: Full Control Detailed Access Flags : /pace =creator owner ACCESS_ALLOWED_ACE_TYPE-0x0 CONTAINER_INHERIT_ACE-0x2 INHERIT_ONLY_ACE-0x8 INHERITED_ACE-0x10 SubKey - Type of Access: Full Control Detailed Access Flags : /pace =all application packages ACCESS_ALLOWED_ACE_TYPE-0x0 INHERITED_ACE-0x10 Type of access: Read Detailed Access Flags : KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 READ_CONTROL-0x20000 /pace =all application packages ACCESS_ALLOWED_ACE_TYPE-0x0 CONTAINER_INHERIT_ACE-0x2 INHERIT_ONLY_ACE-0x8 INHERITED_ACE-0x10 SubKey - Type of Access: Special acccess : -Read Detailed Access Flags : GENERIC_READ-0x80000000 /pace =S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 ACCESS_ALLOWED_ACE_TYPE-0x0 INHERITED_ACE-0x10 Type of access: Read Detailed Access Flags : KEY_QUERY_VALUE-0x1 KEY_ENUMERATE_SUB_KEYS-0x8 KEY_NOTIFY-0x10 READ_CONTROL-0x20000 /pace =S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 ACCESS_ALLOWED_ACE_TYPE-0x0 CONTAINER_INHERIT_ACE-0x2 INHERIT_ONLY_ACE-0x8 INHERITED_ACE-0x10 SubKey - Type of Access: Special acccess : -Read Detailed Access Flags : GENERIC_READ-0x80000000 Elapsed Time: 00 00:00:00 Done: 1, Modified 0, Failed 0, Syntax errors 0 Last Done : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates </p> </details> <br /> That's just a guess, there are other registry keys that may be touched too. Based on that previous answer, if anyone having this problem is willing, please run the following and see if it fixes it: "c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators and "c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@wickpwn commented on GitHub (Jan 9, 2019):

如果有人想尝试，因为我无法复制，请下载SubInAcl，然后运行：

"c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates

点击查看我的输出进行比较

这只是猜测，还有其他注册表项也可能被触及。基于之前的答案，如果有任何人有这个问题，请运行以下内容，看看是否修复它：

"c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators

和

"c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators

Hello, I found this answer yesterday, but still can not solve, I checked the folder permissions no problem, the problem has been submitted to Microsoft, I hope they can give a solution!

<!-- gh-comment-id:452543465 --> @wickpwn commented on GitHub (Jan 9, 2019): > 如果有人想尝试，因为我无法复制，请下载[SubInAcl](https://www.microsoft.com/en-us/download/details.aspx?id=23510)，然后运行： > > ``` > "c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates > ``` > 点击查看我的输出进行比较 > > 这只是猜测，还有其他注册表项也可能被触及。基于之前的答案，如果有任何人有这个问题，请运行以下内容，看看是否修复它： > > ``` > "c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators > ``` > 和 > > ``` > "c:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators > ``` Hello, I found this answer yesterday, but still can not solve, I checked the folder permissions no problem, the problem has been submitted to Microsoft, I hope they can give a solution!

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@wickpwn commented on GitHub (Jan 11, 2019):

Solution: Switch to the highest privilege account Administrator to install successfully, you can not switch to other accounts under the highest account installation, so the certificate will still be invalid, please ensure that the system under the highest privilege account operates.
Iis related tutorial:https://medium.com/@aweber01/locally-trusted-development-certificates-with-mkcert-and-iis-e09410d92031
@cretz The mentioned SubInAcl only supports the following systems: Windows 2000, Windows Server 2003, Windows XP

<!-- gh-comment-id:453360362 --> @wickpwn commented on GitHub (Jan 11, 2019): Solution: Switch to the highest privilege account Administrator to install successfully, you can not switch to other accounts under the highest account installation, so the certificate will still be invalid, please ensure that the system under the highest privilege account operates. Iis related tutorial:https://medium.com/@aweber01/locally-trusted-development-certificates-with-mkcert-and-iis-e09410d92031 @cretz The mentioned SubInAcl only supports the following systems: Windows 2000, Windows Server 2003, Windows XP

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@swiftdv8 commented on GitHub (Jan 11, 2019):

@wickpwn solution is not working for me: Im logged in as my admin account and running mcert -install in an Admin Command prompt and still getting

ERROR: add cert: Failed adding cert: The access control list (ACL) structure is invalid.

ive tried with a couple of different mkcert releases with the same result

Please let me know if there is something I missed

<!-- gh-comment-id:453511190 --> @swiftdv8 commented on GitHub (Jan 11, 2019): @wickpwn solution is not working for me: Im logged in as my admin account and running `mcert -install` in an Admin Command prompt and still getting > ERROR: add cert: Failed adding cert: The access control list (ACL) structure is invalid. ive tried with a couple of different mkcert releases with the same result Please let me know if there is something I missed

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@wickpwn commented on GitHub (Jan 11, 2019):

@wickpwn解决方案对我不起作用：我作为我的管理员帐户登录并mcert -install在管理命令提示符下运行并仍然获得

错误：添加证书：添加证书失败：访问控制列表（ACL）结构无效。

香港专业教育学院尝试了几个不同的mkcert版本，结果相同

如果我错过了什么，请告诉我

按照这个操作解决（https://answers.microsoft.com/zh-hans/windows/forum/all/%E5%AE%89%E8%A3%85ca%E8%AF%81%E4%B9%A6%E5%A4%B1/e23cc521-b3f7-4ac6-8519-b75a11b944ac）

<!-- gh-comment-id:453550727 --> @wickpwn commented on GitHub (Jan 11, 2019): > @wickpwn解决方案对我不起作用：我作为我的管理员帐户登录并`mcert -install`在管理命令提示符下运行并仍然获得 > > > 错误：添加证书：添加证书失败：访问控制列表（ACL）结构无效。 > > 香港专业教育学院尝试了几个不同的mkcert版本，结果相同 > > 如果我错过了什么，请告诉我 按照这个操作解决（https://answers.microsoft.com/zh-hans/windows/forum/all/%E5%AE%89%E8%A3%85ca%E8%AF%81%E4%B9%A6%E5%A4%B1/e23cc521-b3f7-4ac6-8519-b75a11b944ac）

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@natiki commented on GitHub (Mar 14, 2019):

FWIW https://github.com/FiloSottile/mkcert/issues/148 I used the Scoop install and then a regular user account and Powershell and had no issue. My user account is part of the administrator user group. No other changes needed.

<!-- gh-comment-id:472781401 --> @natiki commented on GitHub (Mar 14, 2019): FWIW https://github.com/FiloSottile/mkcert/issues/148 I used the Scoop install and then a regular user account and Powershell and had no issue. My user account is part of the administrator user group. No other changes needed.

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@axi0m commented on GitHub (Jun 14, 2019):

I ran into the same error.

OS Version

Major  Minor  Build  Revision
-----  -----  -----  --------
10     0      18362  0

My workaround was to simply take the rootCA.pem file and import using the same Administrator PowerShell prompt I had open to install mkcert via choco, via PowerShell cmdlet

Import-Certificate -FilePath C:\Users\<redacted>\AppData\Local\mkcert\rootCA.pem -CertStoreLocation Cert:\LocalMachine\Root

<!-- gh-comment-id:502138418 --> @axi0m commented on GitHub (Jun 14, 2019): I ran into the same error. OS Version ``` Major Minor Build Revision ----- ----- ----- -------- 10 0 18362 0 ``` My workaround was to simply take the `rootCA.pem` file and import using the same Administrator PowerShell prompt I had open to install mkcert via choco, via PowerShell cmdlet ``` Import-Certificate -FilePath C:\Users\<redacted>\AppData\Local\mkcert\rootCA.pem -CertStoreLocation Cert:\LocalMachine\Root ```

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@rfay commented on GitHub (Nov 10, 2019):

We mkcert -install on both Win10 Pro and Win10 Home all the time, and most ddev windows users do as well. Haven't heard of trouble. And it doesn't require admin privs either.

<!-- gh-comment-id:552159093 --> @rfay commented on GitHub (Nov 10, 2019): We `mkcert -install` on both Win10 Pro and Win10 Home all the time, and most [ddev](github.com/drud/ddev) windows users do as well. Haven't heard of trouble. And it doesn't require admin privs either.

kerem commented 2026-02-25 22:32:30 +03:00

Author

Owner

Copy link

@aszalacinski commented on GitHub (Mar 31, 2020):

I am not getting a failure on mkcert -install but the root ca was not installed into the local Trusted Root Cert Auth; Manually importing the rootCA.pem did the trick. Is there more verbose logging that can be enabled?

<!-- gh-comment-id:606674993 --> @aszalacinski commented on GitHub (Mar 31, 2020): I am not getting a failure on mkcert -install but the root ca was not installed into the local Trusted Root Cert Auth; Manually importing the rootCA.pem did the trick. Is there more verbose logging that can be enabled?

kerem referenced this issue 2026-02-25 22:33:18 +03:00

[PR #57] [MERGED] Support installing to system trust store for Arch-based distros #374

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.2.0

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.9.1

v0.9.0

Labels

Clear labels   

TLS stack issue

  

Windows

  

bug

  

duplicate

  

duplicate

  

enhancement

  

help wanted

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

  

root store

  

waiting for info

No labels

TLS stack issue

Windows

bug

duplicate

duplicate

enhancement

help wanted

help wanted

pull-request

question

question

root store

waiting for info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/mkcert#57

No description provided.