[GH-ISSUE #147] Warning: the local CA is not installed in the system trust store! ⚠️ #90

New issue

Closed

opened 2026-02-25 22:32:34 +03:00 by kerem · 13 comments

kerem commented 2026-02-25 22:32:34 +03:00

Owner

Copy link

Originally created by @daBee on GitHub (Mar 12, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/147

I just installed mkcert as a recommendation for certificates for all my nginx vhosts.

brew install mkcert
mkcert -install

Then I tried some domains...

mkcert pass1.local pass2.local pass3.local

That error came up:

Warning: the local CA is not installed in the system trust store! ⚠️

Am I doing this right or is this an oversight?

[Tue Mar 12 13:35 rich@HQ ~/Library/Application Support/mkcert] ll
total 48
drwxr-xr-x    8 rich  staff   272B Mar 12 13:35 .
drwx------@ 224 rich  staff   7.4K Mar 12 13:19 ..
-rw-------    1 rich  staff   1.7K Mar 12 13:35 pass.local+5-key.pem
-rw-r--r--    1 rich  staff   1.5K Mar 12 13:35 pass.local+5.pem
-r--------    1 rich  staff   2.4K Mar 12 13:19 rootCA-key.pem
-rw-r--r--    1 rich  staff   1.6K Mar 12 13:19 rootCA.pem

Originally created by @daBee on GitHub (Mar 12, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/147 I just installed `mkcert` as a recommendation for certificates for all my `nginx` `vhosts`. brew install mkcert mkcert -install Then I tried some domains... mkcert pass1.local pass2.local pass3.local That error came up: Warning: the local CA is not installed in the system trust store! ⚠️ Am I doing this right or is this an oversight? [Tue Mar 12 13:35 rich@HQ ~/Library/Application Support/mkcert] ll total 48 drwxr-xr-x 8 rich staff 272B Mar 12 13:35 . drwx------@ 224 rich staff 7.4K Mar 12 13:19 .. -rw------- 1 rich staff 1.7K Mar 12 13:35 pass.local+5-key.pem -rw-r--r-- 1 rich staff 1.5K Mar 12 13:35 pass.local+5.pem -r-------- 1 rich staff 2.4K Mar 12 13:19 rootCA-key.pem -rw-r--r-- 1 rich staff 1.6K Mar 12 13:19 rootCA.pem

kerem closed this issue 2026-02-25 22:32:34 +03:00

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@daBee commented on GitHub (Mar 12, 2019):

I moved the certs and keys to the webserver root (nobody is in here but me, yes I hear the security people bouncing), and it isn't working:

ssl_certificate												/Users/rich/Library/WebServer/Documents/pass.local+5.pem;
ssl_certificate_key										/Users/rich/Library/WebServer/Documents/pass.local+5-key.pem;

nginx: [emerg] cannot load certificate "/Users/rich/Library/WebServer/Documents/pass.local+5-key.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/Users/rich/Library/WebServer/Documents/pass.local+5-key.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

$ pwd
/Library/WebServer/Documents

$ ls
-rw-------   1 root  admin   1.7K Mar 12 13:47 pass.local+5-key.pem
-rw-r--r--   1 root  admin   1.5K Mar 12 13:47 pass.local+5.pem

<!-- gh-comment-id:472112066 --> @daBee commented on GitHub (Mar 12, 2019): I moved the certs and keys to the webserver root (nobody is in here but me, yes I hear the security people bouncing), and it isn't working: ssl_certificate /Users/rich/Library/WebServer/Documents/pass.local+5.pem; ssl_certificate_key /Users/rich/Library/WebServer/Documents/pass.local+5-key.pem; nginx: [emerg] cannot load certificate "/Users/rich/Library/WebServer/Documents/pass.local+5-key.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/Users/rich/Library/WebServer/Documents/pass.local+5-key.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed $ pwd /Library/WebServer/Documents $ ls -rw------- 1 root admin 1.7K Mar 12 13:47 pass.local+5-key.pem -rw-r--r-- 1 root admin 1.5K Mar 12 13:47 pass.local+5.pem

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@adamdecaf commented on GitHub (Mar 12, 2019):

You're showing /Users/rich/Library/WebServer/Documents/... and /Library/WebServer/Documents. Those seem to be different paths.

<!-- gh-comment-id:472205578 --> @adamdecaf commented on GitHub (Mar 12, 2019): You're showing `/Users/rich/Library/WebServer/Documents/...` and `/Library/WebServer/Documents`. Those seem to be different paths.

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@adamdecaf commented on GitHub (Mar 12, 2019):

mkcert failing to install onto the system is suspect. Do you have the login keychain elsewhere or password protected?

<!-- gh-comment-id:472205771 --> @adamdecaf commented on GitHub (Mar 12, 2019): `mkcert` failing to install onto the system is suspect. Do you have the login keychain elsewhere or password protected?

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@daBee commented on GitHub (Mar 12, 2019):

Normal login keychain.

<!-- gh-comment-id:472206141 --> @daBee commented on GitHub (Mar 12, 2019): Normal login keychain.

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@daBee commented on GitHub (Mar 12, 2019):

OK, tried again (I'm on El Capitan 10.11.6):

[Tue Mar 12 18:37 rich@HQ ~] mkcert -install
Using the local CA at "/Users/rich/Library/Application Support/mkcert" ✨
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x153c50 pc=0x7fff8add74dd]

runtime stack:
runtime.throw(0x121e232, 0x2a)
	/usr/local/Cellar/go/1.12/libexec/src/runtime/panic.go:617 +0x72
runtime.sigpanic()
	/usr/local/Cellar/go/1.12/libexec/src/runtime/signal_unix.go:374 +0x4a9

goroutine 1 [syscall]:
runtime.cgocall(0x1001740, 0xc0001ab9f0, 0xc0001885f8)
	/usr/local/Cellar/go/1.12/libexec/src/runtime/cgocall.go:128 +0x5b fp=0xc0001ab9c0 sp=0xc0001ab988 pc=0x1004c6b
crypto/x509._Cfunc_FetchPEMRoots(0xc0001885f0, 0xc0001885f8, 0xc00018a500, 0x0)
	_cgo_gotypes.go:110 +0x4d fp=0xc0001ab9f0 sp=0xc0001ab9c0 pc=0x1147ebd
crypto/x509.loadSystemRoots.func1(0xc0001885f0, 0xc0001885f8, 0x0)
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root_cgo_darwin.go:281 +0x12d fp=0xc0001aba30 sp=0xc0001ab9f0 pc=0x114d8bd
crypto/x509.loadSystemRoots(0x0, 0x0, 0x0)
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root_cgo_darwin.go:281 +0xec fp=0xc0001abb00 sp=0xc0001aba30 pc=0x114802c
crypto/x509.initSystemRoots()
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root.go:21 +0x26 fp=0xc0001abb28 sp=0xc0001abb00 pc=0x1135c36
sync.(*Once).Do(0x13d2030, 0x1222bc8)
	/usr/local/Cellar/go/1.12/libexec/src/sync/once.go:44 +0xb3 fp=0xc0001abb58 sp=0xc0001abb28 pc=0x105f143
crypto/x509.systemRootsPool(...)
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root.go:16
crypto/x509.(*Certificate).Verify(0xc0001ae000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/verify.go:744 +0x6b8 fp=0xc0001abc70 sp=0xc0001abb58 pc=0x113a418
main.(*mkcert).checkPlatform(...)
	/private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:301
main.(*mkcert).install(0xc0001abf10)
	/private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:235 +0x532 fp=0xc0001abd20 sp=0xc0001abc70 pc=0x11aa912
main.(*mkcert).Run(0xc0001abf10, 0xc0000cc010, 0x0, 0x0)
	/private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:152 +0x73c fp=0xc0001abe48 sp=0xc0001abd20 pc=0x11aa08c
main.main()
	/private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:121 +0x738 fp=0xc0001abf98 sp=0xc0001abe48 pc=0x11a9808
runtime.main()
	/usr/local/Cellar/go/1.12/libexec/src/runtime/proc.go:200 +0x20c fp=0xc0001abfe0 sp=0xc0001abf98 pc=0x102d70c
runtime.goexit()
	/usr/local/Cellar/go/1.12/libexec/src/runtime/asm_amd64.s:1337 +0x1 fp=0xc0001abfe8 sp=0xc0001abfe0 pc=0x1056f91

<!-- gh-comment-id:472208553 --> @daBee commented on GitHub (Mar 12, 2019): OK, tried again (I'm on `El Capitan 10.11.6`): [Tue Mar 12 18:37 rich@HQ ~] mkcert -install Using the local CA at "/Users/rich/Library/Application Support/mkcert" ✨ fatal error: unexpected signal during runtime execution [signal SIGSEGV: segmentation violation code=0x1 addr=0x153c50 pc=0x7fff8add74dd] runtime stack: runtime.throw(0x121e232, 0x2a) /usr/local/Cellar/go/1.12/libexec/src/runtime/panic.go:617 +0x72 runtime.sigpanic() /usr/local/Cellar/go/1.12/libexec/src/runtime/signal_unix.go:374 +0x4a9 goroutine 1 [syscall]: runtime.cgocall(0x1001740, 0xc0001ab9f0, 0xc0001885f8) /usr/local/Cellar/go/1.12/libexec/src/runtime/cgocall.go:128 +0x5b fp=0xc0001ab9c0 sp=0xc0001ab988 pc=0x1004c6b crypto/x509._Cfunc_FetchPEMRoots(0xc0001885f0, 0xc0001885f8, 0xc00018a500, 0x0) _cgo_gotypes.go:110 +0x4d fp=0xc0001ab9f0 sp=0xc0001ab9c0 pc=0x1147ebd crypto/x509.loadSystemRoots.func1(0xc0001885f0, 0xc0001885f8, 0x0) /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root_cgo_darwin.go:281 +0x12d fp=0xc0001aba30 sp=0xc0001ab9f0 pc=0x114d8bd crypto/x509.loadSystemRoots(0x0, 0x0, 0x0) /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root_cgo_darwin.go:281 +0xec fp=0xc0001abb00 sp=0xc0001aba30 pc=0x114802c crypto/x509.initSystemRoots() /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root.go:21 +0x26 fp=0xc0001abb28 sp=0xc0001abb00 pc=0x1135c36 sync.(*Once).Do(0x13d2030, 0x1222bc8) /usr/local/Cellar/go/1.12/libexec/src/sync/once.go:44 +0xb3 fp=0xc0001abb58 sp=0xc0001abb28 pc=0x105f143 crypto/x509.systemRootsPool(...) /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root.go:16 crypto/x509.(*Certificate).Verify(0xc0001ae000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/verify.go:744 +0x6b8 fp=0xc0001abc70 sp=0xc0001abb58 pc=0x113a418 main.(*mkcert).checkPlatform(...) /private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:301 main.(*mkcert).install(0xc0001abf10) /private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:235 +0x532 fp=0xc0001abd20 sp=0xc0001abc70 pc=0x11aa912 main.(*mkcert).Run(0xc0001abf10, 0xc0000cc010, 0x0, 0x0) /private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:152 +0x73c fp=0xc0001abe48 sp=0xc0001abd20 pc=0x11aa08c main.main() /private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:121 +0x738 fp=0xc0001abf98 sp=0xc0001abe48 pc=0x11a9808 runtime.main() /usr/local/Cellar/go/1.12/libexec/src/runtime/proc.go:200 +0x20c fp=0xc0001abfe0 sp=0xc0001abf98 pc=0x102d70c runtime.goexit() /usr/local/Cellar/go/1.12/libexec/src/runtime/asm_amd64.s:1337 +0x1 fp=0xc0001abfe8 sp=0xc0001abfe0 pc=0x1056f91

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@daBee commented on GitHub (Mar 12, 2019):

OK, fixed the crt and key locations:

ssl_certificate		/Library/WebServer/Documents/pass1/pass1.local.crt;
ssl_certificate_key	/Library/WebServer/Documents/pass1/device.key;

Restarted nginx, and nginx.conf syntax is ok. This error:

[ E 2019-03-12 18:43:17.3383 99734/T5 Sec/Crypto.cpp:990 ]: Loading Passenger Cert failed: The specified keychain could not be found.
Please check for a certificate labeled: Phusion Passenger Open Source in your keychain, and remove the associated private key. For more help please read: https://www.phusionpassenger.com/library/admin/standalone/mac_keychain_popups.html
[ E 2019-03-12 18:43:17.3384 99734/T5 Sec/Crypto.cpp:990 ]: Pre authorizing the Passenger client certificate failed: The specified keychain could not be found.
[ E 2019-03-12 18:43:17.3384 99734/T5 age/Cor/SecurityUpdateChecker.h:507 ]: Security update check failed: Problem with the local SSL certificate at /usr/local/Cellar/passenger/6.0.2_1/libexec/resources/update_check_client_cert.p12 (try upgrading or reinstalling Passenger) (next check in 24 hours)
[ E 2019-03-12 18:43:17.3462 99734/T5 Sec/Crypto.cpp:990 ]: Finding Passenger Cert failed: The specified item could not be found in the keychain.
App 99830 output: fbtzonjkmu
App 99830 output: 3854
App 99830 output: 127.0.0.1 - - [12/Mar/2019:18:43:42 -0400] "GET /about HTTP/1.1" 200 13431 0.1552

There is no such thing in my keychain anywhere that I can find.

<!-- gh-comment-id:472210237 --> @daBee commented on GitHub (Mar 12, 2019): OK, fixed the `crt` and `key` locations: ssl_certificate /Library/WebServer/Documents/pass1/pass1.local.crt; ssl_certificate_key /Library/WebServer/Documents/pass1/device.key; Restarted `nginx`, and `nginx.conf` syntax is ok. This error: [ E 2019-03-12 18:43:17.3383 99734/T5 Sec/Crypto.cpp:990 ]: Loading Passenger Cert failed: The specified keychain could not be found. Please check for a certificate labeled: Phusion Passenger Open Source in your keychain, and remove the associated private key. For more help please read: https://www.phusionpassenger.com/library/admin/standalone/mac_keychain_popups.html [ E 2019-03-12 18:43:17.3384 99734/T5 Sec/Crypto.cpp:990 ]: Pre authorizing the Passenger client certificate failed: The specified keychain could not be found. [ E 2019-03-12 18:43:17.3384 99734/T5 age/Cor/SecurityUpdateChecker.h:507 ]: Security update check failed: Problem with the local SSL certificate at /usr/local/Cellar/passenger/6.0.2_1/libexec/resources/update_check_client_cert.p12 (try upgrading or reinstalling Passenger) (next check in 24 hours) [ E 2019-03-12 18:43:17.3462 99734/T5 Sec/Crypto.cpp:990 ]: Finding Passenger Cert failed: The specified item could not be found in the keychain. App 99830 output: fbtzonjkmu App 99830 output: 3854 App 99830 output: 127.0.0.1 - - [12/Mar/2019:18:43:42 -0400] "GET /about HTTP/1.1" 200 13431 0.1552 There is no such thing in my keychain anywhere that I can find.

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@adamdecaf commented on GitHub (Mar 12, 2019):

I'd expect that since the system cert install failed. Is there more output from mkcert -install?

Is there a login.keychain-db at this directory?

$ ls -l ~/Library/Keychains/

<!-- gh-comment-id:472211121 --> @adamdecaf commented on GitHub (Mar 12, 2019): I'd expect that since the system cert install failed. Is there more output from `mkcert -install`? Is there a `login.keychain-db` at this directory? ``` $ ls -l ~/Library/Keychains/ ```

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@adamdecaf commented on GitHub (Mar 12, 2019):

Are you talking about the Passenger certificate? Looks like that's causing problems.

<!-- gh-comment-id:472211478 --> @adamdecaf commented on GitHub (Mar 12, 2019): Are you talking about the `Passenger` certificate? Looks like that's causing problems.

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@daBee commented on GitHub (Mar 12, 2019):

$ ls -l ~/Library/Keychains/
drwx------  8 rich  staff      272 Dec 12  2014 2A2578AE-2019-51E3-9F58-86D3FE0522DE
-rw-r--r--@ 1 rich  staff  3568928 Mar 12 11:13 login.keychain
-rw-r--r--  1 rich  staff        0 Dec 13 06:51 login.keychain.sb-6592010b-RjlFQI
-rw-r--r--  1 rich  staff  1338356 Jun 26  2013 login.keychain.sb-c6345132-AYEyYo
-rw-r--r--  1 rich  staff        0 Nov  1  2014 login.keychain.sb-f43abbe0-Gcb8Ml
-rw-r--r--  1 rich  staff        0 Nov  1  2014 login.keychain.sb-f43abbe0-uuvSDc
-rw-------  1 rich  staff    23136 Mar 12 11:23 metadata.keychain

It seems the Passenger cert is messing things up. But mkcert -install has only that feedback. I've seen it earlier today. Just did this twice:

[Tue Mar 12 18:55 rich@HQ ~] mkcert -install
Using the local CA at "/Users/rich/Library/Application Support/mkcert" ✨
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x440108 pc=0x7fff8add74dd]

runtime stack:
runtime.throw(0x121e232, 0x2a)
	/usr/local/Cellar/go/1.12/libexec/src/runtime/panic.go:617 +0x72
runtime.sigpanic()
	/usr/local/Cellar/go/1.12/libexec/src/runtime/signal_unix.go:374 +0x4a9

goroutine 1 [syscall]:
runtime.cgocall(0x1001740, 0xc00019f9f0, 0xc0001785f8)
	/usr/local/Cellar/go/1.12/libexec/src/runtime/cgocall.go:128 +0x5b fp=0xc00019f9c0 sp=0xc00019f988 pc=0x1004c6b
crypto/x509._Cfunc_FetchPEMRoots(0xc0001785f0, 0xc0001785f8, 0xc00017c500, 0x0)
	_cgo_gotypes.go:110 +0x4d fp=0xc00019f9f0 sp=0xc00019f9c0 pc=0x1147ebd
crypto/x509.loadSystemRoots.func1(0xc0001785f0, 0xc0001785f8, 0x0)
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root_cgo_darwin.go:281 +0x12d fp=0xc00019fa30 sp=0xc00019f9f0 pc=0x114d8bd
crypto/x509.loadSystemRoots(0x0, 0x0, 0x0)
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root_cgo_darwin.go:281 +0xec fp=0xc00019fb00 sp=0xc00019fa30 pc=0x114802c
crypto/x509.initSystemRoots()
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root.go:21 +0x26 fp=0xc00019fb28 sp=0xc00019fb00 pc=0x1135c36
sync.(*Once).Do(0x13d2030, 0x1222bc8)
	/usr/local/Cellar/go/1.12/libexec/src/sync/once.go:44 +0xb3 fp=0xc00019fb58 sp=0xc00019fb28 pc=0x105f143
crypto/x509.systemRootsPool(...)
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root.go:16
crypto/x509.(*Certificate).Verify(0xc0001a2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/usr/local/Cellar/go/1.12/libexec/src/crypto/x509/verify.go:744 +0x6b8 fp=0xc00019fc70 sp=0xc00019fb58 pc=0x113a418
main.(*mkcert).checkPlatform(...)
	/private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:301
main.(*mkcert).install(0xc00019ff10)
	/private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:235 +0x532 fp=0xc00019fd20 sp=0xc00019fc70 pc=0x11aa912
main.(*mkcert).Run(0xc00019ff10, 0xc0000cc010, 0x0, 0x0)
	/private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:152 +0x73c fp=0xc00019fe48 sp=0xc00019fd20 pc=0x11aa08c
main.main()
	/private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:121 +0x738 fp=0xc00019ff98 sp=0xc00019fe48 pc=0x11a9808
runtime.main()
	/usr/local/Cellar/go/1.12/libexec/src/runtime/proc.go:200 +0x20c fp=0xc00019ffe0 sp=0xc00019ff98 pc=0x102d70c
runtime.goexit()
	/usr/local/Cellar/go/1.12/libexec/src/runtime/asm_amd64.s:1337 +0x1 fp=0xc00019ffe8 sp=0xc00019ffe0 pc=0x1056f91
[Tue Mar 12 18:57 rich@HQ ~] mkcert -install
Using the local CA at "/Users/rich/Library/Application Support/mkcert" ✨
The local CA is now installed in the system trust store! ⚡️

<!-- gh-comment-id:472212865 --> @daBee commented on GitHub (Mar 12, 2019): $ ls -l ~/Library/Keychains/ drwx------ 8 rich staff 272 Dec 12 2014 2A2578AE-2019-51E3-9F58-86D3FE0522DE -rw-r--r--@ 1 rich staff 3568928 Mar 12 11:13 login.keychain -rw-r--r-- 1 rich staff 0 Dec 13 06:51 login.keychain.sb-6592010b-RjlFQI -rw-r--r-- 1 rich staff 1338356 Jun 26 2013 login.keychain.sb-c6345132-AYEyYo -rw-r--r-- 1 rich staff 0 Nov 1 2014 login.keychain.sb-f43abbe0-Gcb8Ml -rw-r--r-- 1 rich staff 0 Nov 1 2014 login.keychain.sb-f43abbe0-uuvSDc -rw------- 1 rich staff 23136 Mar 12 11:23 metadata.keychain It seems the Passenger cert is messing things up. But `mkcert -install` has only that feedback. I've seen it earlier today. Just did this twice: [Tue Mar 12 18:55 rich@HQ ~] mkcert -install Using the local CA at "/Users/rich/Library/Application Support/mkcert" ✨ fatal error: unexpected signal during runtime execution [signal SIGSEGV: segmentation violation code=0x1 addr=0x440108 pc=0x7fff8add74dd] runtime stack: runtime.throw(0x121e232, 0x2a) /usr/local/Cellar/go/1.12/libexec/src/runtime/panic.go:617 +0x72 runtime.sigpanic() /usr/local/Cellar/go/1.12/libexec/src/runtime/signal_unix.go:374 +0x4a9 goroutine 1 [syscall]: runtime.cgocall(0x1001740, 0xc00019f9f0, 0xc0001785f8) /usr/local/Cellar/go/1.12/libexec/src/runtime/cgocall.go:128 +0x5b fp=0xc00019f9c0 sp=0xc00019f988 pc=0x1004c6b crypto/x509._Cfunc_FetchPEMRoots(0xc0001785f0, 0xc0001785f8, 0xc00017c500, 0x0) _cgo_gotypes.go:110 +0x4d fp=0xc00019f9f0 sp=0xc00019f9c0 pc=0x1147ebd crypto/x509.loadSystemRoots.func1(0xc0001785f0, 0xc0001785f8, 0x0) /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root_cgo_darwin.go:281 +0x12d fp=0xc00019fa30 sp=0xc00019f9f0 pc=0x114d8bd crypto/x509.loadSystemRoots(0x0, 0x0, 0x0) /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root_cgo_darwin.go:281 +0xec fp=0xc00019fb00 sp=0xc00019fa30 pc=0x114802c crypto/x509.initSystemRoots() /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root.go:21 +0x26 fp=0xc00019fb28 sp=0xc00019fb00 pc=0x1135c36 sync.(*Once).Do(0x13d2030, 0x1222bc8) /usr/local/Cellar/go/1.12/libexec/src/sync/once.go:44 +0xb3 fp=0xc00019fb58 sp=0xc00019fb28 pc=0x105f143 crypto/x509.systemRootsPool(...) /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/root.go:16 crypto/x509.(*Certificate).Verify(0xc0001a2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) /usr/local/Cellar/go/1.12/libexec/src/crypto/x509/verify.go:744 +0x6b8 fp=0xc00019fc70 sp=0xc00019fb58 pc=0x113a418 main.(*mkcert).checkPlatform(...) /private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:301 main.(*mkcert).install(0xc00019ff10) /private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:235 +0x532 fp=0xc00019fd20 sp=0xc00019fc70 pc=0x11aa912 main.(*mkcert).Run(0xc00019ff10, 0xc0000cc010, 0x0, 0x0) /private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:152 +0x73c fp=0xc00019fe48 sp=0xc00019fd20 pc=0x11aa08c main.main() /private/tmp/mkcert-20190312-75737-hlo410/mkcert-1.3.0/src/github.com/FiloSottile/mkcert/main.go:121 +0x738 fp=0xc00019ff98 sp=0xc00019fe48 pc=0x11a9808 runtime.main() /usr/local/Cellar/go/1.12/libexec/src/runtime/proc.go:200 +0x20c fp=0xc00019ffe0 sp=0xc00019ff98 pc=0x102d70c runtime.goexit() /usr/local/Cellar/go/1.12/libexec/src/runtime/asm_amd64.s:1337 +0x1 fp=0xc00019ffe8 sp=0xc00019ffe0 pc=0x1056f91 [Tue Mar 12 18:57 rich@HQ ~] mkcert -install Using the local CA at "/Users/rich/Library/Application Support/mkcert" ✨ The local CA is now installed in the system trust store! ⚡️

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@adamdecaf commented on GitHub (Mar 12, 2019):

Can you try uninstalling the Passenger certificate and retrying?

<!-- gh-comment-id:472214621 --> @adamdecaf commented on GitHub (Mar 12, 2019): Can you try uninstalling the Passenger certificate and retrying?

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@daBee commented on GitHub (Mar 12, 2019):

There is none

<!-- gh-comment-id:472214705 --> @daBee commented on GitHub (Mar 12, 2019): There is none

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@adamdecaf commented on GitHub (Mar 12, 2019):

What are the logs talking about then? Can we remove what they're having problems with?

<!-- gh-comment-id:472215413 --> @adamdecaf commented on GitHub (Mar 12, 2019): What are the logs talking about then? Can we remove what they're having problems with?

kerem commented 2026-02-25 22:32:34 +03:00

Author

Owner

Copy link

@daBee commented on GitHub (Mar 12, 2019):

Logs are about not finding the Passenger cert. I had no clue it even had one. At this point, the reason I need localhost or local domain certs, is working. I've tweaked Chrome to go ahead with processing, and the forms (that require ssl to move forward, or have it served under localhost) do indeed work. I can't shut down my server to see what's causing a cert issue. That could set me back the time I cannot afford. At this point, removing something that's not there is a rabbit hole of time.

<!-- gh-comment-id:472216110 --> @daBee commented on GitHub (Mar 12, 2019): Logs are about not finding the Passenger cert. I had no clue it even had one. At this point, the reason I need `localhost` or local domain certs, is working. I've tweaked `Chrome` to go ahead with processing, and the forms (that require ssl to move forward, or have it served under `localhost`) do indeed work. I can't shut down my server to see what's causing a cert issue. That could set me back the time I cannot afford. At this point, removing something that's not there is a rabbit hole of time.

kerem referenced this issue 2026-02-25 22:33:21 +03:00

[PR #90] [MERGED] java: don't run keytool during check if we there isn't even one found #388

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.2.0

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.9.1

v0.9.0

Labels

Clear labels   

TLS stack issue

  

Windows

  

bug

  

duplicate

  

duplicate

  

enhancement

  

help wanted

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

  

root store

  

waiting for info

No labels

TLS stack issue

Windows

bug

duplicate

duplicate

enhancement

help wanted

help wanted

pull-request

question

question

root store

waiting for info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/mkcert#90

No description provided.