wget ERROR: cannot verify localhost's certificate, ..Self-signed certificate encountered

Question

How Can I implement a secure https connection on ngnix

I want to implement https on my localhost.I am running http server nginx on ubuntu 20.04

What I did was i issued the command

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/localhost.key -out /etc/ssl/certs/localhost.crt -config /tmp/openssl

Then I configured nginx to use ssl as

    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/ssl/certs/localhost.crt;
    ssl_certificate_key /etc/ssl/private/localhost.key;

And Refreshed and reloaded nginix ...ok fine . .Every thing went fine

But when i tried to connect to https://localhost

I got as

Then I clicked Advance and proceeded ..Then I got a MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT Error in Firefox

The picture is

Then i could view the page but connection seems to be insecure ...

How can i obtain a secure connection

I tried wget

The result is

  --2021-05-11 05:21:37--  https://localhost/
      Resolving localhost (localhost)... 127.0.0.1
      Connecting to localhost (localhost)|127.0.0.1|:443... connected.
     ERROR: cannot verify localhost's certificate, issued by ‘CN=localhost,OU=Development,O=Localhost                                CA,L=Rochester,ST=New York,C=US’:
      Self-signed certificate encountered.
         To connect to localhost insecurely, use `--no-check-certificate'.

I tried with postman still getting a signing key error...

How can i get rid of this signing key intermediate certificate error..

I refered the tutorial here ... The operating System I am using is ubuntu 20.04 and the server i am trying to implement it is nginx

How can i make a trusted https localhost connection..any Help will be appreciated

I would believe aside for generating a certificate, you also need to include the certificate in your browser's certificate store. That said, this isn't really a programming question so probably should be moved to superuser or similar channel. — ewokx, May 11 '21 at 00:16
I tried to add it to the store.. still the connection is insecure...any way thanks ewong..for the comment i have moved this question to super user... — Midhun Raj, May 11 '21 at 01:03
Good luck! (Side note: I think you also need to ensure you trust the certificates in your browser). but that's a guess. — ewokx, May 11 '21 at 01:04
@ewong i did so ...but still connection is showing as not secure — Midhun Raj, May 11 '21 at 01:19

score 0 · Answer 1 · answered Dec 14 '22 at 19:26

The MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT is nasty, but it doesn't (necessarily) indicate something is wrong with the certificate.

If you are on Windows/Mac, you can add the new certificate to the OS Trust Store, and enable security.enterprise_roots.enabled on the about:config page in Firefox.

https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

If you are on Linux, a policy file will allow the OS certificate authorities to be trusted.

Create a file "policies.json" in the "distribution" directory of the Firefox install location, and point it to the certificate file:

{
  "policies": {
    "Certificates": {
      "ImportEnterpriseRoots": true,
      "Install": ["localhost.crt","/path/to/cert/file"]
    }
  }
}

https://github.com/mozilla/policy-templates/blob/master/README.md#certificates--install

This Q&A on a similar question may have some more information:
https://stackoverflow.com/a/74802552/2657515

thanks @JonathanDavidArndt for taking effort to clarify the above query — Midhun Raj, Jan 07 '23 at 03:35

wget ERROR: cannot verify localhost's certificate, ..Self-signed certificate encountered

1 Answers1