I haven't seen that particular error before, but based on the error name it sounds like you may be using the generated root CA cert directly as the cert served by your app. You'll want to generate a leaf cert off of the root and have your app serve that locally.
Firefox
The latest news and developments on Firefox and Mozilla, a global non-profit that strives to promote openness, innovation and opportunity on the web.
You can subscribe to this community from any Kbin or Lemmy instance:
Related
- Firefox Customs: !FirefoxCSS@fedia.io
- Thunderbird: !Thunderbird@fedia.io
Rules
While we are not an official Mozilla community, we have adopted the Mozilla Community Participation Guidelines as far as it can be applied to a bin.
Rules
-
Always be civil and respectful
Don't be toxic, hostile, or a troll, especially towards Mozilla employees. This includes gratuitous use of profanity. -
Don't be a bigot
No form of bigotry will be tolerated. -
Don't post security compromising suggestions
If you do, include an obvious and clear warning. -
Don't post conspiracy theories
Especially ones about nefarious intentions or funding. If you're concerned: Ask. Please don’t fuel conspiracy thinking here. Don’t try to spread FUD, especially against reliable privacy-enhancing software. Extraordinary claims require extraordinary evidence. Show credible sources. -
Don't accuse others of shilling
Send honest concerns to the moderators and/or admins, and we will investigate. -
Do not remove your help posts after they receive replies
Half the point of asking questions in a public sub is so that everyone can benefit from the answers—which is impossible if you go deleting everything behind yourself once you've gotten yours.
Seconded. I use self signed certs all the time, but never the root CA cert. I also don’t add my cert at the OS level, I just add it at the browser level
Does the certificate have a basic constraints extension with CA:TRUE
set? Firefox doesn't allow that for certificates used as ‘end entity’ certificates. You'll want to re-generate the certificate without the extension.
Looking at the certificate, it seems that yes, the certificate authority is set to 'yes'. So the certificate needs to be regenerated?