Roots Discourse

Issue with local self-signed SSL certificate

trellis
#1

I followed the instructions for enabling a self-signed SSL certificate in the Trellis config:

    ssl:
      enabled: true
      provider: self-signed
      hsts_max_age: 0
    cache:
      enabled: false

After provisioning, the certificate has been created. As expected, Chrome doesn’t trust it and throws a warning when I hit the new https URLs. I want to trust the new certificate, so I install and use the vagrant helper tool from @TangRufus. I run vagrant trellis-cert trust and I get a success message. All seems well. I restart Chrome and hit my local https pages again.

Uh-oh, Chrome still says my certificate is invalid.

I crack open the Trellis-generated certificate for a closer look, and I notice something odd under the Subject Alternative Name bit. My local server is modernadventure.test, with no subdomain. However, the Subject Alternative Name says

DNS modernadventure.testDNS:

This seems wrong. I am expecting it to look more like DNS modernadventure.test and I’m wondering if it’s causing my issues with Chrome refusing to trust my certificate. Is it possible Trellis is generating the wrong value for the Subject Alternative Name? Or maybe I’ve misconfigured something somewhere else?

0 Likes

#2

Hmm, I just switched an old project to use the .test-TLD instead of .dev and after having completed the switch as per @Simeon’s instructions the certificate being issued by trellis is still for the .dev-domain. Any chance this is related?

0 Likes

closed #3

This topic was automatically closed after 42 days. New replies are no longer allowed.

0 Likes