I'm getting this problem:
The error that I'm seeing in Windows 10 Chrome Version 65.0.3325.181 (Official Build) (64-bit) is:
Your connection is not private
Attackers might be trying to steal your
information from ((mysite)) (for example, passwords,
messages, or credit cards). Learn more NET::ERR_CERT_AUTHORITY_INVALIDThis page is not secure (broken HTTPS).
Certificate – missing
This
site is missing a valid, trusted certificate
(net::ERR_CERT_AUTHORITY_INVALID).
Firefox Quantum 59.0.2 (64-bit) says:
Your connection is not secure
The owner of ((mysite)) has configured their website
improperly. To protect your information from being stolen, Firefox has
not connected to this website.Connection is Not Secure
Could not verify this certificate because the
issuer is unknown.
I have already tried: https://stackoverflow.com/a/47755133/470749
vboxmanage --version
5.2.6r120293
vagrant -v
Vagrant 2.0.2
git branch
* (HEAD detached at v7.3.0)
vagrant box list
laravel/homestead (virtualbox, 5.2.0)
vagrant box update
==> vboxHomestead: Checking for updates to 'laravel/homestead'
vboxHomestead: Latest installed version: 5.2.0
vboxHomestead: Version constraints: >= 5.2.0
vboxHomestead: Provider: virtualbox
==> vboxHomestead: Box 'laravel/homestead' (v5.2.0) is running the latest version.
I wonder if this means that I'm not yet using release 7.1.0 (which has in its changelog "sign SSL certificates with a custom root certificate"), and I wonder if that's why I have this SSL HTTPS problem.
What are the next steps I should try now to get the certificate working?
Best Answer
Unfortunately, I don't have an easy way of checking it on Windows, so I'm going to use VirtualBox running on Linux here. Install
vagrant
, then:I've simplified
Homestead.yaml
a bit (you might prefer to stick with the defaults):Then:
As we can see it has the certificates in
/etc/nginx/ssl
:I tried to trust server certificate systemwide, but it didn't work out. It appeared on Servers tab in Firefox' Certificate Manager, but that didn't make Firefox trust it. I could probably have added an exception, but trusting CA certificates looks like a better option. Trusting CA certificate makes browser trust any certificate they issue (new sites running under Homestead). So we're going to go with CA certificate here:
Then, I've added
192.168.10.10 homestead.test
to/etc/hosts
, restarted Chromium, and it worked:P.S. I'm running Chromium 65.0.3325.162, and Firefox 59.0.
Windows
Apparently, Windows doesn't have
trust
utility. Under Windows one has two stores: Local Machine and Current User Certificate stores. No point in using Local Machine Certificate Store, since we're making it work just for our current user. Then, there are substores. With two predefined of them being of most interest: Trusted Root Certification Authorities and Intermediate Certification Authorities Stores. Commonly referred in command line as root and CA.You can access Chrome's Certificate Manager by following chrome://settings/?search=Manage%20certificates, then clicking Manage certificates. Of most interest are Trusted Root Certification Authorities and Intermediate Certification Authorities tabs.
One way to manager certificates is via command line:
The results are as follows (for both Local Machine and Current User Certificate stores):
Other options would be double-clicking on a certificate in Explorer, importing certificates from Chrome's Certificate Manager, using Certificates MMC Snap-in (run
certmgr.msc
), or usingCertMgr.exe
.For those who have
grep
installed, here's how to quickly check where is the certificate:So, installing CA certificate into Current User > Trusted Root Certification Authorities store seems like the best option. And make sure not to forget to restart your browser.
more in-depth explanation of how it works
In
Vagrantfile
it requiresscripts/homestead.rb
, then runsHomestead.configure
. That's the method, that configuresvagrant
to make all the needed preparations.There we can see:
So, these two files create certificate and
nginx
config respectively.further reading
How to make browser trust localhost SSL certificate?