2

I've created a self-signed certificate for use on my Windows 10 development machine and I've added it to the Trusted Root Certification Authorities/Certificates as advised by How to install an Apache Self Signed Certificate on Windows 10 on YouTube. I can see the certificate has been installed by using certmgr.msc.

enter image description here

When I go to the HTTPS address in Edge (the browser used in the video), I get the following error message by clicking on Details:

The hostname in the website’s security certificate differs from the website you are trying to visit.

Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID

Firefox says:

dev.hmr-app uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is not valid for the name dev.hmr-app.

Error code: SEC_ERROR_UNKNOWN_ISSUER

and

https://dev.hmr-app/

Peer's Certificate issuer is not recognised.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

[Certificate chain removed]

I get a similar message in all other browsers. While I can manually create an exception for each browser, I'd prefer to have it just work in all of them as if I was browsing a real site.

I've double and triple checked the certificate, and the address is exactly the same as the one I'm using to access the local development site.

The relevant bits of my httpd-vhosts.conf are as follows:

<VirtualHost *:443> ServerName dev.hmr-app ErrorLog "logs/dev.hmr-app-error.log" CustomLog "logs/dev.hmr-app-access.log" common SSLEngine on SSLCertificateFile "C:/server/Apache24/conf/server.crt" SSLCertificateKeyFile "C:/server/Apache24/conf/server.key"

How can I get this to work?

Improve this question
11
  • 1
    You can trust a self-signed certificate all day won’t stop the browser from complaining if the certificate is invalid for other reasons. Only reason it shouldn’t complain about is the fact it’s self-signed. Why are you not using something like Let’s Encrypt which is trusted by ALL browsers?
    – Ramhound
    Commented Oct 26, 2017 at 1:12
  • “The certificate is not valid for the name dev.hmr-app.” I suspect part of your problem is your creating a certificate for an invalid domain.
    – Ramhound
    Commented Oct 26, 2017 at 1:16
  • @Ramhound In what way is the domain invalid?
    – CJ Dennis
    Commented Oct 26, 2017 at 1:17
  • Answer my question first then I will answer that question.
    – Ramhound
    Commented Oct 26, 2017 at 1:18
  • 2
    Firefox won’t use the Windows certificate store like mentioned. So you have to manually import it in Firefox. However, assuming all other components are correct, you should be importing the “root” certificate, which is the cert used to sign the cert you created, in to trusted roots which will then cause all sub certificates to be trusted. Or, using a single cert only, then you should import the certificate in to the “Computer” store under the “personal” folder using the certificates snap in of mmc.exe.
    – Appleoddity
    Commented Oct 26, 2017 at 1:42

2 Answers 2

Reset to default
2

Your certificate is for dev.hrm-app but your Apache configuration is set to dev.hmr-app

enter image description here

From your Apache configuration file:

ServerName dev.hmr-app

dev.hmr-app uses an invalid security certificate.

The certificate is not trusted because it is self-signed. The certificate is not valid for the name dev.hmr-app.

Be sure to add your self-signed certificate into the Firefox certificate store to resolve self-signed error. The second error is due to your Apache configuration and your certificate being assigned to different domains.

Improve this answer
0

I had mistyped the domain name and it looked so similar, I didn't notice even after repeated checking.

Improve this answer
5
  • Please don't add "thank you" as an answer. Instead, accept the answer that you found most helpful. - From Review
    – Scott - Слава Україні
    Commented Oct 27, 2017 at 0:52
  • @Scott What are you talking about "thank you"? I will accept the answer that I found most helpful - mine, since I solved it myself - when the 2 day time limit is up. Please read the comments on the question. Ramhound was not hugely helpful and based his/her answer on one of my comments. They deserve no credit.
    – CJ Dennis
    Commented Oct 27, 2017 at 1:08
  • “Ramhound was not hugely helpful“ You didn’t provide the information I requested. Wasnt given a chance to come to the same conclusion
    – Ramhound
    Commented Oct 27, 2017 at 2:02
  • @Ramhound Nor were you totally unhelpful, but your questions were leading in the wrong direction, as well as being childish: "Answer my question first then I will answer that question."
    – CJ Dennis
    Commented Oct 27, 2017 at 2:36
  • 1
    We will have to agree to disagree with regards to that particular method I used.
    – Ramhound
    Commented Oct 27, 2017 at 3:03

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .