Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid certificate regarding localhost #754

Closed
juergenzimmermann opened this issue Aug 2, 2015 · 13 comments
Closed

Invalid certificate regarding localhost #754

juergenzimmermann opened this issue Aug 2, 2015 · 13 comments

Comments

@juergenzimmermann
Copy link

browser-sync 2.8.2 provides a new certificate #750 because the old one was expired. However, when using this certificate with https, then I get an error as shown in the attached screenshot.
The translation in English:

  • title: data security Violation
  • Verbindung = Connection
  • "Die Identität ..." = "The identity of this web site wasn't verified. The Server certificate doesn't confirm with the URL".
    certificate-url
@lindleywhite
Copy link

I have this issue as well. I don't think that the SSL Certificate was signed to localhost.

@shakyShane
Copy link
Contributor

@lindleywhite, @juergenzimmermann

I've just been testing this issue again and can no-longer reproduce it. Can either of you?

@juergenzimmermann
Copy link
Author

@shakyShane I just downloaded and installed the fresh browser-sync 2.8.3. The issue still exists. The certificate looks as follows:
cert browser-sync
However, it should look like this example:
cert http-server
The difference is: in your certificate you have "Internet Widgits Pty Ltd", but it should be "localhost" for local development

@shakyShane
Copy link
Contributor

@juergenzimmermann could you please now try browser-sync@2.9.1

shakyShane added a commit that referenced this issue Sep 3, 2015
@shakyShane
fix(ssl): use localhost when generating self-signed ssl certs - re: #…
a2f4767 
…754
@juergenzimmermann
Copy link
Author

You are almost there. Now Chrome only complains about the SHA-1 key to be an old algorithm (see below). I also attach a screenshot how Chrome looks when the cert is based on SHA-512.
browser-sync sha1
Now the screenshot with a SHA-512 based cert:
sha512

@shakyShane
Copy link
Contributor

Could you provide details about how you created that cert? Having trouble with that bit

@juergenzimmermann
Copy link
Author

I guess you are using OpenSSL (another Option would be "keytool" from a Java installation). So here are my 2 commands for OpenSSL with line continuation for Windows (^):

openssl genrsa -out mykeyfile.pem 8192
openssl req -new -x509 -sha512 -key mykeyfile.pem ^
  -out mycertfile.cer -days <NumberOfDays> ^
  -subj "/emailAddress=my.name@foo.org/CN=localhost/OU=My Organizational Unit/O=My Organization/L=MyCity/ST=MyState/C=de"

"C" means country code with 2 characters. Of course, you can omit the email address or the city (L = location) from the subj(ect) parameter.
I took the infos from the man pages of OpenSSL:

@shakyShane
Copy link
Contributor

Thanks!

@shakyShane
Copy link
Contributor

PR? :p

@juergenzimmermann
Copy link
Author

Can you give me a pointer where you're generating the cert?

@shakyShane
Copy link
Contributor

https://github.com/BrowserSync/browser-sync/tree/master/lib/server/certs

@shakyShane
Copy link
Contributor

If you could also update that gen.sh file with the exact command you use also (only used for later reference)

@shakyShane
Copy link
Contributor

Ignore the .pfx

@juergenzimmermann juergenzimmermann mentioned this issue Sep 7, 2015
Closed
@Strandedpirate Strandedpirate mentioned this issue Nov 30, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@juergenzimmermann @shakyShane @lindleywhite