0

I'm trying to generate a valid SSL certificate for running a website on my machine locally.

I've followed every tutorial I can find but every time I make a certificate using makecert.bat, Chrome and Edge tell me the certificate is invalid.

Does this batch file still work or is it outdated?

My site is located at https://mysite.local

In my hosts file I have....

127.0.0.1       mysite.local
127.0.0.1       www.mysite.local

In my httpd-vhosts.conf file I have:

<VirtualHost *:80>
    ServerName mysite.local
    ServerAlias www.mysite.local
    DocumentRoot "C:/Projects/MySite/source/httpdocs"
    <Directory "C:/Projects/MySite/source/httpdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName mysite.local
    ServerAlias www.mysite.local
    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
    DocumentRoot "C:/Projects/MySite/source/httpdocs"
    <Directory "C:/Projects/MySite/source/httpdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

So, when I run makecert.bat do I use mysite.local as my common name?

Edit 1

As pointed out, I didn't supply enough detail, so these are the steps I've taken so far:

  1. Run makecert.bat
  2. Entered PEM pass phrase (twice)
  3. Entered GB as Country Name
  4. Entered nothing (just pressed ENTER) for State or province name, Locality name, Organization name, Organisational Unit
  5. Entered mysite.local for Common Name
  6. Entered nothing (just pressed ENTER) for Email address, Challenger password, Company name
  7. Entered same passphrase as in step 2

After the certificate was generated....

  1. I ran certificate manager
  2. Double clik Trusted Root Certification Authorities
  3. Right click Certificates & select All Tasks->Import
  4. Click Next (Local Machine defaulted)
  5. Browsed to C:\xampp\apache\conf\ssl.crt\server.crt & clicked Next
  6. Clicked Next (defaulted to Place certificate in Trusted Root Certification Authorities)
  7. Clicked Finish

Now start Xampp Apache and browse to https://mysite.local

Edit 2

The actual error I see is NET::ERR_CERT_COMMON_NAME_INVALID

I've created a certificate for the following but get the same error each time.

mysite
mysite.local
www.mysite.local
halfer
  • 19,824
  • 17
  • 99
  • 186
Damian
  • 1,652
  • 4
  • 26
  • 44
  • *"I've followed every tutorial...."* - which says exactly nothing about what you actually did. And nothing in your question shows how you've created the certificates and you also don't show the exact and full error messages you've got but only your interpretation or summary of it (*"is invalid"*). Downvoted because your question does not contain any useful information necessary to help you with the problem. – Steffen Ullrich Mar 01 '20 at 18:45
  • @Steffen - point taken, please see the edit. Thanks! – Damian Mar 01 '20 at 18:57
  • Thanks for addressing the first part of my comment. You are still did not provide the full error message though but only say "certificate is invalid". Chance is high that if you would enter the full error message into a search engine you would actually find the cause of your problem. – Steffen Ullrich Mar 01 '20 at 19:14
  • @Steffen - edit 2 shows the error I see – Damian Mar 01 '20 at 20:03
  • Duplicate. The way you create certificates only uses common name for the domain but not subject alternative names. But these are needed today. – Steffen Ullrich Mar 01 '20 at 20:24
  • This tutorial, complete with downloads really helped me.https://shellcreeper.com/how-to-create-valid-ssl-in-localhost-for-xampp/ I just needed to add a second DNS entry including the www so DNS.2 = www.mysite.local – Damian Mar 02 '20 at 20:06
  • Hi Damian. Please try to refrain from expressions of gratitude and/or desperation and/or sad-face emoticons in your questions. These will get edited out eventually, based on our desire to adhere to technical writing as much as possible. I seem to remember I have removed this kind of material from your posts before. Thank you. – halfer Mar 07 '20 at 15:27
  • Note that we prefer a technical style of writing here. We gently discourage greetings, hope-you-can-helps, thanks, advance thanks, notes of appreciation, regards, kind regards, signatures, please-can-you-helps, chatty material and abbreviated txtspk, pleading, how long you've been stuck, voting advice, meta commentary, etc. Just explain your problem, and show what you've tried, what you expected, and what actually happened. – halfer Mar 07 '20 at 15:27

0 Answers0