All geek questions in one place

How to get https certificate on local Laravel Homestead website

I get this problem:

enter image description here

The error I see in Windows 10 Chrome Version 65.0.3325.181 (Official Build) (64-bit):

Your connection is not private

Attackers may try to steal your information from ((mysite)) (such as passwords, messages or credit cards). More NET :: ERR_CERT_AUTHORITY_INVALID

This page is unsafe (broken HTTPS).

Certificate - not available

This site does not have a valid trusted certificate (Net :: ERR_CERT_AUTHORITY_INVALID).

Firefox Quantum 59.0.2 (64-bit) says:

Your connection is not safe

The owner ((mysite)) has configured his site improperly. To protect your information from theft, Firefox is not connected to this website.

The connection is not secure

This certificate could not be verified because the issuer is unknown.

I already tried: stack overflow

vboxmanage --version 5.2.6r120293 vagrant -v Vagrant 2.0.2 git branch * (HEAD detached at v7.3.0) vagrant box list laravel/homestead (virtualbox, 5.2.0) vagrant box update ==> vboxHomestead: Checking for updates to 'laravel/homestead' vboxHomestead: Latest installed version: 5.2.0 vboxHomestead: Version constraints: >= 5.2.0 vboxHomestead: Provider: virtualbox ==> vboxHomestead: Box 'laravel/homestead' (v5.2.0) is running the latest version.

Interestingly, this means that I have not used release 7.1.0 (which has “SSL certificates with a custom root certificate” in my change list), and I wonder why I encountered this SSL HTTPS problem.

What are the next steps I should try to get a certificate?

0
source share
2 answers

Unfortunately, I have no easy way to test it on Windows, so I am going to use VirtualBox for Linux here. Install vagrant , then:

 $ vagrant box add laravel/homestead $ git clone https://github.com/laravel/homestead.git $ cd homestead $ git checkout v7.3.0 $ bash init.sh

I simplified Homestead.yaml bit (you might want to stick with the default settings):

 --- ip: "192.168.10.10" provider: virtualbox folders: - map: /home/yuri/_/la1 to: /home/vagrant/code sites: - map: homestead.test to: /home/vagrant/code/public

Then:

 $ mkdir -p ~/_/la1/public $ echo '<?php echo "it works";' > ~/_/la1/public/index.php $ vagrant up $ vagrant ssh -c 'ls /etc/nginx/sites-enabled' homestead.test $ vagrant ssh -c 'cat /etc/nginx/sites-enabled/homestead.test' server { listen 80; listen 443 ssl http2; server_name .homestead.test; root "/home/vagrant/code/public"; ... ssl_certificate /etc/nginx/ssl/homestead.test.crt; ssl_certificate_key /etc/nginx/ssl/homestead.test.key; }

As we can see, it has certificates in /etc/nginx/ssl :

 $ vagrant ssh -c 'ls -1 /etc/nginx/ssl' ca.homestead.homestead.cnf ca.homestead.homestead.crt ca.homestead.homestead.key ca.srl homestead.test.cnf homestead.test.crt homestead.test.csr homestead.test.key

I tried to trust a server certificate all over the country, but that didn't work. It appeared on the Servers tab in Firefox Certificate Manager, but Firefox did not trust it. I might have added an exception, but trusting CA certificates look like the best option. A trusted CA certificate makes the browser trusted with any certificate that they issue (new sites running under Homestead). So, we are going to go with a CA certificate here:

 $ vagrant ssh -c 'cat /etc/nginx/ssl/ca.homestead.homestead.crt' > ca.homestead.homestead.crt $ sudo trust anchor ca.homestead.homestead.crt $ trust list | head -n 5 pkcs11:id=%4c%f9%25%11%e5%8d%ad%5c%2a%f3%63%b6%9e%53%c4%70%fa%90%4d%77;type=cert type: certificate label: Homestead homestead Root CA trust: anchor category: authority

Then I added 192.168.10.10 homestead.test to /etc/hosts , restarted Chromium, and it worked:

PS I am running Chromium 65.0.3325.162 and Firefox 59.0.

Window

There seems to be no trust utility on Windows. According to Ryan, you can add the certificate as follows:

 certutil -addstore -enterprise Root ca.homestead.homestead.crt

Read more about it here . And do not forget to restart your browser.

more detailed explanation of how this works

In Vagrantfile it requires scripts/homestead.rb , then runs Homestead.configure . This is the method that vagrant sets vagrant to make all necessary preparations.

Here we can see :

 if settings.include? 'sites' settings["sites"].each do |site| # Create SSL certificate config.vm.provision "shell" do |s| s.name = "Creating Certificate: " + site["map"] s.path = scriptDir + "/create-certificate.sh" s.args = [site["map"]] end ... config.vm.provision "shell" do |s| ... s.path = scriptDir + "/serve-#{type}.sh" ... end ... end end

So, these two files create a certificate and nginx config respectively.

further reading

How to make an SSL certificate of a trusted SSL server?

+3
source

Your problem is that the issuer is unknown. As you mentioned in the errors; "This site does not have a valid trust certificate" or "This site does not have a valid trust certificate (net :: ERR_CERT_AUTHORITY_INVALID)"

Let's first understand why this error occurs. Browsers have a list of trusted certificate authorities. This list can be seen in the settings / preferences of different browsers. If your certificate is not issued by one of these authorities, you will receive the above error.

FIXING THIS ON LOCAL I can think of two possible solutions;

  • Add the certificate to the browser and it will open using https.

OR

  1. Sign the certificate with an already trusted body. Install certificates on the local server. Configure the host in the / etc / hosts file with the same name of your domain from which you signed the certificate.

I hope this solves the problem.

0
source

Source: https://habr.com/ru/post/1273660/

More articles:


All Articles