Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Laravel Valet's Self-signed Certs does not play with Firefox #296

Closed
naknode opened this issue Jan 15, 2017 · 26 comments
Closed

Laravel Valet's Self-signed Certs does not play with Firefox #296

naknode opened this issue Jan 15, 2017 · 26 comments

Comments

@naknode
Copy link

@naknode naknode commented Jan 15, 2017

A fresh install of Laravel Valet and then a valet secure <my site>.

OK, on Chrome, I can get it HTTPS -- nice.

However on Firefox (and FirefoxDev), I get the insecure self-signed error. Is this because Mozilla has stricter control or just an error on Valet's part? Or maybe Chrome has a looser control on self-signed certs. Anyone ever experienced anything like this? (Of course in prod, I would not be using a self-signed cert but that's beside the case.)

Thanks!

@loganhenson

This comment has been minimized.

Copy link

@loganhenson loganhenson commented Feb 17, 2017

Valet adds the certificate as "trusted" in the OSX keychain. However -- Firefox uses its own certificate manager, so doesn't see it.

@philiparthurmoore

This comment has been minimized.

Copy link

@philiparthurmoore philiparthurmoore commented Nov 15, 2017

Facing the same issue in Firefox Quantum.

@AnalogMemory

This comment has been minimized.

Copy link

@AnalogMemory AnalogMemory commented Nov 15, 2017

@philiparthurmoore You can add a exception for the site if you click the advanced button

@philiparthurmoore

This comment has been minimized.

Copy link

@philiparthurmoore philiparthurmoore commented Nov 15, 2017

I've done that. Not ideal for the frequent creation and destruction of links but certainly a viable option. 👍

@hellerbenjamin

This comment has been minimized.

Copy link

@hellerbenjamin hellerbenjamin commented Feb 7, 2018

Now the accept button is gone on my latest version of Firefox.

@drizki

This comment has been minimized.

Copy link

@drizki drizki commented Feb 8, 2018

@hellerbenjamin Same for me, the "Add Exception" button is no longer there.

@Baadier-Sydow

This comment has been minimized.

Copy link

@Baadier-Sydow Baadier-Sydow commented Feb 8, 2018

I added an exception but once I restarted it seems to ignore the exception and I the button on the frontend to Add Exception is no longer there.

@AnalogMemory

This comment has been minimized.

Copy link

@AnalogMemory AnalogMemory commented Feb 9, 2018

Which version of Firefox is this happening for ya'll? I'm at (58.0.2 (64-bit)) and on pages it shows me the security warning, after clicking the "Advanced" button, the "Add Exception" link is available.

Also you can manually add sites in preferences.
Privacy & Security Preferences → View Certificates... → Servers → Add Exception

But yeah they don't make it easy 💩

@Baadier-Sydow

This comment has been minimized.

Copy link

@Baadier-Sydow Baadier-Sydow commented Feb 9, 2018

I'm using Firefox 59 and Firefox Developer 59.

On both the first time it allows you to add an exception but it stops working. Thereafter the Add Exception button no longer shows.

Then if you view the certificates I can confirm that the domains are included. If I remove the domain I can then re-add it. After re-adding it stil does not work.

@Kompas

This comment has been minimized.

Copy link

@Kompas Kompas commented Feb 16, 2018

FF 59 does not offer a solution. I am forced to use another browser now!
A self-signed certificate is not accepted anymore! Adding a website as exception does not solve the problem.

Who knows a solution? Is it possible to use another CA?

@andreicristianpetcu

This comment has been minimized.

Copy link

@andreicristianpetcu andreicristianpetcu commented Feb 17, 2018

have you tried importing the CA? https://vimeo.com/245172191

@AnalogMemory

This comment has been minimized.

Copy link

@AnalogMemory AnalogMemory commented Feb 17, 2018

Downloaded the latest Firefox Developer Edition and was able to open Valet sites using the certs it creates. Still able to add each individual site as a security exception

Are ya'll still using the .dev domain? That domain no longer works unless you're Google. It stopped working in Chrome back in December and Firefox just added it to the preloaded HSTS lists. So that could be your issue. Try using .test or .localhost (or anything not in the HSTS lists) as your dev domain
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/

@hellerbenjamin

This comment has been minimized.

Copy link

@hellerbenjamin hellerbenjamin commented Feb 27, 2018

I was still using the dev domain. Thanks for the response.

@aginanjar

This comment has been minimized.

Copy link

@aginanjar aginanjar commented Mar 20, 2018

I'm facing the same problem on firefox. But dev domain works well on safari. I change dev domain to local domain, and now I can continue my work. Thanks @AnalogMemory for the link!

@denmasyarikin

This comment has been minimized.

Copy link

@denmasyarikin denmasyarikin commented Jun 7, 2018

because not all domain are allowed to use, I think valet should be validate domain before used.

@amnkhan

This comment has been minimized.

Copy link

@amnkhan amnkhan commented Jul 18, 2018

Any solution yet, I am facing the same problem in my Firefox Browser. Add Exception is not available now. Looking for a permanent solution.

@philiparthurmoore

This comment has been minimized.

Copy link

@philiparthurmoore philiparthurmoore commented Jul 18, 2018

@amnkhan I haven't found a permanent solution to this issue yet. Adding exceptions is the only thing that seems to work on my end.

@arunsathiya

This comment has been minimized.

Copy link

@arunsathiya arunsathiya commented Aug 15, 2018

I am pretty much stuck with the same issue. Using .app domain does not seem to work for me on Firefox Quantum - there is no option to accept the self-signed certificate, as an exception either.

@drbyte

This comment has been minimized.

Copy link
Contributor

@drbyte drbyte commented Dec 15, 2018

FIREFOX SOLUTION:

Instead of manually adding exceptions separtely for each site served by valet, IMPORT valet's CA to Firefox's certificate Authorities:
firefox certificate part 1
firefox certificates part 2
firefox certificate part 3

@dimsav

This comment has been minimized.

Copy link

@dimsav dimsav commented Dec 17, 2018

@drbyte thank you!

FIREFOX SOLUTION:

Instead of manually adding exceptions separtely for each site served by valet, IMPORT valet's CA to Firefox's certificate Authorities:

If you can't find the ~/config/valet folder, make sure you upgrade to the latest version.

@drbyte

This comment has been minimized.

Copy link
Contributor

@drbyte drbyte commented Jan 16, 2019

@mattstauffer IMO this can be closed.

@r-martins

This comment has been minimized.

Copy link

@r-martins r-martins commented Jan 28, 2020

It seems the latest version creates new .pem for every link you create. So it meand I would need to add a new trusted certificate for every domain .dev I create.

@drbyte

This comment has been minimized.

Copy link
Contributor

@drbyte drbyte commented Jan 28, 2020

It seems the latest version creates new .pem for every link you create.

I'm not sure where you're getting that from.

Using valet 2.8.1 my valet ~/.config/valet/CA/LaravelValetCASelfSigned.pem file does not change when I run valet secure or valet link.

@r-martins

This comment has been minimized.

Copy link

@r-martins r-martins commented Jan 28, 2020

If I use domain test it works fine on firefox, and I don't even need to import certificate.
However, if I use domain dev it complains and doesn't allow me to continue. The import doesn't work because it uses a domain-name.pem certificate.

Did_Not_Connect__Potential_Security_Issue

Opening_pagseguro-exemplo-m2-dev_pem_and_about_certificate

With domain test...

Warning__Potential_Security_Risk_Ahead

It seems to be an issue specific to .dev domains, which can also be a public TLD, and that's why Firefox doesn't allow it anymore. More here..

@drbyte

This comment has been minimized.

Copy link
Contributor

@drbyte drbyte commented Jan 28, 2020

Valet only generates a .pem file for the core CA (certificate authority) that it uses to generate site-specific certificates.
That CA file, which is what you should be importing, is found at:
/Users/your_username/.config/valet/CA/LaravelValetCASelfSigned.pem

It does not generate .pem files for individual sites. So I don't know where you're getting your pagseguro-exemplo-m2-dev.pem file from.

@r-martins

This comment has been minimized.

Copy link

@r-martins r-martins commented Jan 28, 2020

That's the one I've imported... Never mind.. It's ok to use .test or some other non-official-tld name. ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
You can’t perform that action at this time.