2

I want to access localhost via HTTPS with Chrome.

Would you tell me how to solve this?

  • localhost is built with Tomcat in Spring Boot.

  • I have finished the following:

    1. create a self-signed certificate (*1)
    2. enable HTTPS on Spring Boot (*2)
    3. import the certificate into Chrome (*3)
  • But when I access localhost, Chrome displays "NET::ERR_CERT_AUTHORITY_INVALID".

My environment:

Ubuntu 18.04
Chrome 79
Spring Boot 2.2.2
Tomcat 9

*1 create a self-signed certificate:

$ keytool -genkeypair -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650 -ext san=dns:localhost -ext san=ip:127.0.0.1

*2 enable HTTPS on Spring Boot

$ vi src/main/resources/application.properties
  server.port=8443
  server.ssl.enabled=true
  server.ssl.key-store=keystore.p12
  server.ssl.key-store-password=password
  server.ssl.key-password=password
  server.ssl.key-store-type=PKCS12
  server.ssl.key-alias=tomcat
  security.require-ssl=true

*3 import the certificate

$ keytool -exportcert -keystore keystore.p12 -alias tomcat -file keystore.der

(or, when I access localhost, export the certificate from the Chrome display)

After that, I import keystore.der under Manage certificates (Chrome settings GUI).

Thanks and regards.

drytt

2 Answers

2

Your certificate is self-signed, so Chrome has no way of verifying that the certificate is valid. Self-signed means that you confirm that you are you.

You can either add an exception (preferred way) or import your certificate into Chrome and trust this certificate. If you do the latter it means that from now on Chrome will trust this certificate. If you lose it, or share it (e.g. with your source code) someone could potentially create a secure site that your browser will now accept as valid no matter what.

With Chrome you could also allow invalid certificates for localhost by visiting

chrome://flags/#allow-insecure-localhost

and checking "Enable".

phisch
  • @phisch thank you for your reply. So, I just did "import your certificate into Chrome and trust this certificate" by the *1-*3 actions. If you have any other idea, would you tell me? – drytt Feb 03 '20 at 11:01
  • My pleasure. Let me know if you need more input. Otherwise I'd much appreciate if you could upvote or accept my answer, whatever you find more appropriate. – phisch Feb 03 '20 at 11:03
  • @phisch I'm sorry that I couldn't upvote your answer because my reputation is less than 15. Thank you very much for your additional reply. I tried it, but it did not work. And I researched ... I have solved it. I'll answer this question myself and close this question. – drytt Feb 03 '20 at 14:48
1

Solved

Getting Chrome to accept self-signed localhost certificate

Excerpt from the above link

  1. on Terminal

    • $ sudo apt-get install libnss3-tools
  2. on Chrome

    • click the lock icon with an X,
    • choose Certificate Information
    • go to Details tab
    • Click on Export... (save as a file)
  3. on Terminal

    • $ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n YOUR_FILE -i YOUR_FILE
drytt
  • This is primarily for Linux users. First I was sceptical of this answer. But then I saw it here: https://stackoverflow.com/a/12478732/8903177 and it is the same command. I restarted Brave (Chromium based) and it started working. – Benjamin Heinke Jul 22 '22 at 14:40
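
The three steps of the accepted answer wrapped as a POSIX shell script, as an added example that is not code from either answer or the linked post. The nickname, file names and the `NSSDB` override are assumptions; the `certutil -A -t "P,,"` call is the one from the answer, and the private-key check, `certutil -L` and `certutil -D` are additions for hygiene.

```shell
#!/bin/sh
# Added example: trust ONE exported localhost certificate in the per-user NSS
# database used in the answer above. Names and paths here are assumptions.

NSSDB="${NSSDB:-$HOME/.pki/nssdb}"   # same database path as in the answer

# Refuse empty files and anything that carries a private key: only the public
# certificate belongs in a trust store.
is_public_cert_file() {
  [ -s "$1" ] || return 1
  ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# Create the database if it does not exist yet (empty password is an
# assumption suitable for a development machine).
ensure_nssdb() {
  [ -f "$NSSDB/cert9.db" ] && return 0
  mkdir -p "$NSSDB" && certutil -d "sql:$NSSDB" -N --empty-password
}

# Add the certificate as a trusted peer for TLS only ("P,,").
# It is not flagged as a CA, so it cannot vouch for other certificates.
trust_cert() {   # usage: trust_cert NICKNAME CERT_FILE
  is_public_cert_file "$2" || { echo "refusing $2" >&2; return 1; }
  ensure_nssdb || return 1
  certutil -d "sql:$NSSDB" -A -t "P,," -n "$1" -i "$2"
}

# Inspect the stored entry, and remove it when the dev certificate is retired.
show_cert()    { certutil -d "sql:$NSSDB" -L -n "$1"; }
untrust_cert() { certutil -d "sql:$NSSDB" -D -n "$1"; }

# Runs only when called with two arguments, e.g.:
#   sh trust-localhost.sh localhost-dev exported-cert.pem
if [ "$#" -eq 2 ]; then
  trust_cert "$1" "$2" && show_cert "$1"
fi
```

Restart the browser after importing, and call `untrust_cert` with the same nickname once the keystore is regenerated or no longer needed.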