Self Signed Certificate

James Oravec · Apr 6, 2016 · Viewed 7.6k times

I'm trying to get a cert to work with a dev url on my local machine.

I've generated a self-signed cert using keytool and have it connected with JBoss. In Chrome I can click on the lock with the x in it to view the cert details.

I downloaded the cert, added it to System and set the trust level to Always Trust, as per the directions in "Getting Chrome to accept self-signed localhost certificate". Then I loaded the page (even restarted the browser, followed by a system reboot to make sure everything was picked up).

I still see the lock with the red x in Chrome for my dev url, 127.0.0.1, and localhost. What am I doing wrong to get Chrome to trust the site for the local host? That is followed by the real question: do I need to do anything special to get it to work for my dev url?

My hosts file has the dev url and localhost resolving to 127.0.0.1. When doing real certs I know the domain has to be specified, which is making me wonder if I need to do anything special for the custom dev url.

Answer

James Oravec · Apr 6, 2016

I finally figured out my issue and am posting the answer for anyone else who runs into the same problem. I also posted the answer in the referenced question.

The referenced question has an answer suggested by bjnord, "Google Chrome, Mac OS X and Self-Signed SSL Certificates". This blog did not solve the problem directly; however, there was a comment on the blog that was gold:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain site.crt

You pretty much have to follow the directions in the blog to get the cert, then use the command above to install it properly.

I also found that with the Java keytool, when you are prompted for your first and last name, this acts like the CN, so you enter your url there instead. After doing this, everything worked fine with the custom dev url.
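The keytool steps from the answer above as a script, added here as an example that is not part of the original post. It goes one step beyond the answer: Chrome 58 and later match the hostname only against subjectAltName and ignore the CN, so the script sets both. The hostname `dev.example.test`, the alias `dev`, the file names and the `STOREPASS` variable are assumptions.

```shell
#!/bin/sh
# Added example: self-signed dev certificate whose CN and SAN match the dev URL.
# Names, alias, file names and the password are constructed placeholders.

# Build keytool's -ext value from a list of names. IPv4-looking names
# (digits and dots only, at least three dots) become ip:, the rest dns:.
build_san() {
  out=""
  for n in "$@"; do
    case "$n" in
      *[!0-9.]*|'') kind=dns ;;
      *.*.*.*)      kind=ip ;;
      *)            kind=dns ;;
    esac
    out="${out:+$out,}${kind}:${n}"
  done
  printf 'SAN=%s\n' "$out"
}

# Generate the key pair and export the certificate as PEM.
# $1 = keystore path, $2 = output .crt, remaining args = names (first is the CN).
make_dev_cert() {
  keystore="$1"; crt="$2"; shift 2
  cn="$1"; pass="${STOREPASS:-changeit}"   # STOREPASS is an assumed variable
  keytool -genkeypair -alias dev -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=${cn}" -ext "$(build_san "$@")" \
    -keystore "$keystore" -storepass "$pass" -keypass "$pass"
  keytool -exportcert -rfc -alias dev \
    -keystore "$keystore" -storepass "$pass" -file "$crt"
}

# Show which names the exported certificate actually carries.
show_names() {
  keytool -printcert -file "$1" | grep -E 'Owner:|DNSName|IPAddress'
}

# Runs only when called with arguments, for example:
#   ./devcert.sh dev.jks site.crt dev.example.test localhost 127.0.0.1
if [ "$#" -ge 3 ]; then
  make_dev_cert "$@"
  show_names "$2"
  # Trust step quoted in the answer (macOS, needs sudo); printed, not executed.
  echo "sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $2"
fi
```

Every name the browser will use, including the dev url, `localhost` and `127.0.0.1`, has to be listed, since a name missing from the certificate still produces the red lock even when the certificate is trusted.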