-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to actually use the certs? #60
Comments
More info: Chrome says this in its warning screen:
And Firefox says something similar:
Does this mean that it's not possible to create certificates for |
I may be misunderstanding this, but since you're hitting your site from the |
I don't believe you're using the tool as it was intended, as it's very much aimed at generating certs for local development. For deploying to AWS (or any server, really) you are best looking into something like Let's Encrypt for genuine SSL (or using the SSL cert that the cloud provider usually gives you). I don't know enough about aws to help with this, but there's plenty of documentation out there. |
I see no reason why these certs wouldn't work for external machines; even the README of this project starts by showing how to generate a cert for such one! (example.com) I'm not a web dev and had zero idea of how to configure a certificate, so I just wanted to have a pair of files that can be copied to whatever machine, regardless of it being local or remote, and instantly have a valid HTTPS connection to them... well, that was the objective. Maybe I should have looked into Let's Encrypt for the AWS machine. In any case, I actually made it work without any further problem whatsoever. The reason for my problem is that a restriction exists in how the wildcard certificates work by spec, not anything to do specifically with mkcert. It turns out that a wildcard such So I used I won't close this issue yet to allow the author see it and consider my proposal of adding a section in the documentation that talks about this use case. @FiloSottile thank you for this tool! |
@Suleman-Elahi DId you try it with an administrator command prompt? |
That error doesn't depend on running with or without Administrator CMD. It happens because a regular expression fails to match. Note how the error says: That's probably a documentation bug in mkcert. Please handle it in a new issue, and don't derail already existing ones such as this one. |
Thank you very much !!!! @j1elo |
Hi, totally newbie question here. I'm not a web developer and this is the first time I configure self-signed certificates, so bear with me. Also I'd like to propose adding a section in the documentation for people in my situation.
This is what I'm currently doing, step by step command-line style. Server is an Amazon AWS machine with Ubuntu 16.04, in which I'm doing some WebRTC tests; Chrome and Firefox will refuse to allow webcam and microphone access to insecure sites (except for
localhost
), so I need to serve an HTTPS page from my test server:At this point, I open this URL in Chrome:
https://ec2-11-22-33-44.region.compute.amazonaws.com:8080/
But it still shows a warning page right before loading, and after dismissing the warning, a RED warning with "Not secure" text is shown in the address bar.
What I expected is that Chrome loads the page without any security warnings and with a GREEN lock in the address bar.
What steps I'm missing to make this work as intended?
I wanted to do this because the name that AWS gives your machine depends on the region of that particular machine and it also changes every time the machine starts up, so the best would be to have a certificate that doesn't mind what is the actual name of the subdomain, and be able to use the generated cert in several machines.
---- UPDATE ----
The reason for this problem is that a restriction exists in how the wildcard certificates work by spec, not anything to do specifically with mkcert. It turns out that a wildcard such
*.example.com
won't match sub-subdomains such asa.b.example.com
.Solution is to use wildcards for only one subdomain level:
The text was updated successfully, but these errors were encountered: