1

How do i make my local server to accept self signed certificate and remove the red line across HTTPS. I used the guide found on DigitalOcean on how to setup the self signed SSL. I just need to make this work.

PS. i also tried to check other stack overflow answered forums but no luck.

side note if relevant: does having a red line on HTTPS creates issues with service worker? I am trying to enable PWA on my project. when loading my page, it gives error message SSL certificate error occured when fetching the script

flavio.donze
  • 7,432
  • 9
  • 58
  • 91
Mr. Kenneth
  • 384
  • 1
  • 2
  • 14
  • Anyone’s browser or just your browser? – Richard Smith Aug 04 '20 at 07:09
  • anyone's broswser. right now I got it working on my localhost. (setup HTTPS with mkcert) but on remote when accessing my localhost domain name, it still has the trust issue.. – Mr. Kenneth Aug 04 '20 at 07:14
  • I tried enabling the `chrome://flags/#unsafely-treat-insecure-origin-as-secure` and added the domain name and also `--ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://domainName` on target of Chrome Properties. still the same issue. – Mr. Kenneth Aug 04 '20 at 07:18
  • You can’t make another’s browser trust your self signed certificate. You need to use a certificate that’s signed by someone it trusts. Use let’s encrypt if you want a free solution. – Richard Smith Aug 04 '20 at 07:22
  • wait. you mean that it is normal that when I load my program from other PC, it shows not secure ? – Mr. Kenneth Aug 04 '20 at 07:24

3 Answers3

2

Browsers will show a warning if you are connecting to a web server which is using a self-signed certificate. You can override this warning by telling your browser to trust this certificate but there is no good way you can get rid of the warning in other people's browser.

Instead you need a certificate signed by a trusted certificate authority. As Richard Smith pointed out you can get one that is trusted by all major browsers for free at Let's Encrypt. I would encourage you to read the Wikipedia article about self-signed certificates - if you're running a web server with HTTPS it's a good idea to understand the basics.

Martin Konrad
  • 1,075
  • 1
  • 10
  • 20
2

I had to jump through a lot of hoops to get my self signed cert to work in chrome for my local dev website. Created the crt/key I had to use a config file for the openssl command..regular command wouldn't cut it.

openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out www.website.local.crt -keyout www.website.local.key -config minimal.cnf

and minimal.cnf

prompt             = no distinguished_name = req_dn x509_extensions = x509_ext

[ req_dn ]

commonName             = www.website.local

[ x509_ext ]

subjectAltName = @alt_names

[alt_names] DNS.1 = www.website.local DNS.2 = website.local

Then of course from the browser go the local website url...click the not secure button by the url ...navigate through a few windows and tabs to export the cert, then open up chrome settings and import the cert as a Trusted Root cert and you should finally get the soothing gray for your local dev website.

Stan Quinn
  • 473
  • 5
  • 12
0

Another option would be mkcert, it basically installs a locally trusted CA and then lets you create certificate files, see instructions on github: https://github.com/FiloSottile/mkcert

It seems a relatively clean approach without the hoops @Stan Quinn had to go through, but it's good to know that there are still other ways than installing a locally trusted CA! The "old" way (via openssl) still seems to work in Firefox, so no idea why chrome must be such a b****.

exside
  • 3,736
  • 1
  • 12
  • 19