mkcert certificate not works on local ip adress

Question

I'm trying to convert my app to PWA and I need to use https on localhost on my raspberrypi 4 and can be reached using 192.168.0.2 on LAN

Certificate seems to be not valid and I don't understand what I'm missing.

All command are executed as root user and all steps are from GitHub official page

mkcert -install

mkcert 192.168.80.2
Using the local CA at "/root/.local/share/mkcert" ✨

Created a new certificate valid for the following names �
 - "192.168.0.2"

The certificate is at "./192.168.0.2.pem" and the key at "./192.168.0.2-key.pem" ✅

mv 192.168.0.2-key.pem /etc/apache2/ssl/192.168.0.2-key.pem
mv 192.168.0.2.pem /etc/apache2/ssl/192.168.0.2.pem

ls -l /etc/apache2/sites-enabled
lrwxrwxrwx 1 root root   29 Jul 21 16:34 hiker.conf -> ../sites-available/hiker.conf

sites-available/hiker.conf

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName 192.168.0.2
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www

    Alias /hiker /var/www/hiker/public

    <Directory /var/www/hiker/public>
        AllowOverride All
        Order Allow,Deny
        Allow from All
   </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName 192.168.0.2
        ServerAdmin webmaster@localsite.test
 
        DocumentRoot /var/www
 
        Alias /hiker /var/www/hiker/public

        <Directory /var/www/hiker/public>
            AllowOverride All
            Order Allow,Deny
            Allow from All
        </Directory>
 
        ErrorLog ${APACHE_LOG_DIR}/localsite-error.log
        CustomLog ${APACHE_LOG_DIR}/localsite-access.log combined
 
        SSLEngine on 
        SSLCertificateFile  /etc/apache2/ssl/192.168.0.2.pem
        SSLCertificateKeyFile /etc/apache2/ssl/192.168.0.2-key.pem
    </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

apachectl configtest
Syntax OK

service apache2 restart

Nothing here suggests that the CA for the certificate is installed as trusted in the browser on the system you access the server from. The reason for the problem is likely that the CA is not trusted by the browser. — Steffen Ullrich, Jul 21 '21 at 15:30
What should I do ? My tests for PWA can’t be done because it should be served using https and it’s not for now :( — akio, Jul 21 '21 at 15:35
See [Installing the CA on other systems](https://github.com/FiloSottile/mkcert#installing-the-ca-on-other-systems) in the documentation for mkcert. — Steffen Ullrich, Jul 21 '21 at 15:39
I’m sorry I do not understand what I have to do with ‘installing the CA on other systems’ I used mkcert on my raspberry.. — akio, Jul 21 '21 at 15:44
*"I used mkcert on my raspberry.."* - and on which system is your browser? — Steffen Ullrich, Jul 21 '21 at 15:49
*"Chrome on Windows 10 ...*" - that's what meant with "other systems". You somehow need to import the root CA as trusted into the system, so that the browser does not complain about an unknown certificate authority anymore. How to do this should be easy to find, there are lots of resources about this topic. — Steffen Ullrich, Jul 21 '21 at 16:57

score 1 · Answer 1 · answered Jul 22 '21 at 07:38

1

I found the solution thank to @SteffenUllrich.

I order to import CA into windows 10 follow steps described here "make-computer-trust-certificate-authority"

I can now make tests to convert my app to PWA

answered Jul 22 '21 at 07:38

akio

851
9
29

mkcert is not being trusted by my computer. – brohjoe Jul 17 '22 at 01:42

mkcert certificate not works on local ip adress

1 Answers1