Create a self-signed certificate for testing the local host and its approval by browsers

I’ve been trying for several weeks to get a self-signed certificate that works in several browsers (Chrome, Firefox, Edge, IE).

I managed to create a certificate and install it as a trusted root certificate, but in every browser I have to bypass the protection in order to have a test environment (website with xampp).

Today I focused on Edge and IE (without success), and since the procedure for Chrome is slightly different, I will try to get it to work in Chrome tomorrow.

I tried both creating a new one and duplicating the old (working) one, this way:

To create a new certificate, open PowerShell as admin, and then:

 New-SelfSignedCertificate -DnsName "127.0.0.1", "localhost" -CertStoreLocation "cert:\LocalMachine\My" 

I exported it as indicated in this description.

To clone, I used an example in this documentation.

Then I imported the certificates into "Trusted Root Certification Authorities" using certlm.msc.

But I got DLG_FLAGS_INVALID_CA and DLG_FLAGS_SEC_CERT_CN_INVALID error codes in Edge and IE.

Does anyone know a procedure to make this work?
I searched everything on the network without finding it.

+5
2 answers

I tried to do a similar thing and got the following:

 New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname localhost -FriendlyName "Dev localhost" -NotAfter (Get-Date).AddMonths(240) -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") 

The "NotAfter" parameter extends the certificate to 20 years. The TextExtension parameter configures the certificate for Server Authentication only. Without this, Client Auth + Server Auth is used by default. I have not researched it, but Client Auth seems to be causing the problem (which is strange, since most online examples don't mention it; I found one that did).

This will create a certificate in both LocalComputer\Personal and LocalComputer\Intermediate Certification Authority. It also allows you to select a certificate in IIS.

To actually start the site, the certificate must go to a trusted root certification authority. To do this, you can export / import the certificate or navigate to the site in IE, click the red security zone and work on the screens to import the certificate. The link above shows the import / export approach.

Concluding remarks:

  • I had to close / re-open IE (11.726.15063) in order to get a security warning, even though IE informed me that the certificate was installed.
  • My site worked fine in Chrome (62) after a security warning was issued in IE.
  • I used localhost and a non-standard port for my site, not a DNS name. Everything seemed beautiful.

HTH

+3
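
The steps from the answer above (create, export, import into the trusted root store, then check the result), as an added PowerShell example that is not part of the original post. The export path `$cerPath` is an assumption chosen for this example, and the session must be elevated.

```powershell
# Added example: run in an elevated PowerShell session on a test machine.
# $cerPath is an assumed location for the exported public certificate.
$cerPath = Join-Path $env:TEMP 'dev-localhost.cer'

# 1. Create the key pair and certificate in LocalMachine\My, limited to the
#    Server Authentication EKU (1.3.6.1.5.5.7.3.1), as in the answer above.
$cert = New-SelfSignedCertificate `
    -DnsName 'localhost' `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -FriendlyName 'Dev localhost' `
    -NotAfter (Get-Date).AddMonths(240) `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1')

# 2. Export only the public certificate; the private key stays in LocalMachine\My.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# 3. Add the public certificate to Trusted Root Certification Authorities.
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 4. Check what the browser will see: trusted-root presence relates to
#    DLG_FLAGS_INVALID_CA, the DNS names to DLG_FLAGS_SEC_CERT_CN_INVALID.
$stored = Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)"
[pscustomobject]@{
    Thumbprint    = $stored.Thumbprint
    InTrustedRoot = Test-Path "Cert:\LocalMachine\Root\$($stored.Thumbprint)"
    HasPrivateKey = $stored.HasPrivateKey
    DnsNames      = $stored.DnsNameList.Unicode -join ', '
    EKU           = $stored.EnhancedKeyUsageList.FriendlyName -join ', '
    NotAfter      = $stored.NotAfter
} | Format-List
```

When the test site is retired, remove the certificate from both `Cert:\LocalMachine\Root` and `Cert:\LocalMachine\My` with `Remove-Item`, using the thumbprint printed above, so the machine does not keep trusting a development key.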

The error code DLG_FLAGS_INVALID_CA is one of the worst, and users do not even suspect why they see the error code DLG_FLAGS_INVALID_CA. This is due to the following reasons:

  • If the website certificate is not installed correctly.
  • If the certificate is valid or expired, the administrator does not renew it.
  • Most likely, the site you are visiting is compromised or maliciously redirected to the site.

I got a lot of help from https://geekermag.com/error-code-dlg_flags_invalid_ca/ to solve this problem. The information on this page is really helpful. The page has a full explanation of the error and the solution to the problem.

-2

Source: https://habr.com/ru/post/1269632/

