I've been trying for weeks now to get this self signed certificate working in several browsers (Chrome, Firefox, Edge, IE).
I managed to create the certificate and install it as a trusted root certificate
but in every browser I have to bypass the security to be able to have the test environment (website with xampp).
Today I have focused on Edge and IE (without success), and since the procedure for chrome is slightly different, I will try to make it work in chrome tomorrow.
I tried both to create a new one, and to duplicate an old (working) one, this way:
To create a new certificate, open powershell as admin, then :
New-SelfSignedCertificate -DnsName "127.0.0.1", "localhost" -CertStoreLocation "cert:\LocalMachine\My"
exported as mentioned in this description.
To clone, I used the example in this documentation.
Then I imported the certificates in the 'trusted root certificate' using certlm.msc
.
But I got the error codes DLG_FLAGS_INVALID_CA
and
DLG_FLAGS_SEC_CERT_CN_INVALID
in Edge and IE.
Does someone know a procedure to make this work?
I've been looking al over the net without finding one.
I was trying to do a similar thing and did get the following to work:
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname localhost -FriendlyName "Dev localhost" -NotAfter (Get-Date).AddMonths(240) -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")
The 'NotAfter' param extends the cert to 20 years. The 'TextExtension' param configures the cert for 'Server Authentication' only. Without this, it defaults to Client Auth + Server Auth. I haven't researched, but the Client Auth seems to cause an issue (which is odd since most online examples don't mention it; I only found one that did).
This will create the cert in both the LocalComputer\Personal & LocalComputer\Intermediate Certification Authority. It also allows you to select the cert in IIS.
In order to actually run the site, the cert needs to get into the Trusted Root Certification Authority. To accomplish this, you can either export/import the cert or nav to the site in IE, click on the red security area and work your way thru the screens to import the cert. The link above shows the import/export approach.
Final notes:
HTH