Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running mkcert -install as root on Linux doesn't install into the Java trust store #182

Closed
darioseidl opened this issue Jul 29, 2019 · 3 comments
Closed

Running mkcert -install as root on Linux doesn't install into the Java trust store #182

darioseidl opened this issue Jul 29, 2019 · 3 comments
Labels
waiting for info Waiting for feedback from the user

Comments

@darioseidl
Copy link

darioseidl commented Jul 29, 2019
edited
Loading

Probably a user error, but maybe the documentation/output could be improved.

I used mkcert successfully on my local machine, then tried the same on our CI server (Debian stretch) and got:

root@ci:~# export JAVA_HOME="$(dirname $(dirname $(readlink -f $(which java))))"
root@ci:~# echo $JAVA_HOME 
/usr/lib/jvm/java-11-openjdk-amd64
root@ci:~# mkcert -install
Using the local CA at "/root/.local/share/mkcert" ✨
The local CA is now installed in the system trust store! ⚡️

No mention of the java trust store. It would be good if there was some output/warning about what went wrong. It took me a while to figure out that apparently I shouldn't run mkcert as root. Running the same commands as a different user works (and asks for sudo password).

Btw. when running mkdir -install a second time, there is also no mention of the java trust store.

First time:

user@ci:~$ mkcert -install
Using the local CA at "/home/user/.local/share/mkcert" ✨
Installing to the system store is not yet supported on this Linux 😣 but Firefox and/or Chrome/Chromium will still work.
You can also manually install the root certificate at "/home/user/.local/share/mkcert/rootCA.pem".
The local CA is now installed in Java's trust store! ☕️

Second time:

user@ci:~$ mkcert -install
Using the local CA at "/home/user/.local/share/mkcert" ✨
Installing to the system store is not yet supported on this Linux 😣 but Firefox and/or Chrome/Chromium will still work.
You can also manually install the root certificate at "/home/user/.local/share/mkcert/rootCA.pem".
FiloSottile added a commit that referenced this issue Aug 16, 2019
@FiloSottile
Print a message on -install if the CA is already installed
25b1d39 
Updates #182
@FiloSottile
Copy link
Owner

I think all you are seeing is that -install does not print anything if the certificate is already installed. Otherwise, it's a bug. Can you check with v1.4.1 when it comes out later today? I added "already installed" messages.

BTW, the "not yet supported on this Linux" is #188, fixed now.

@FiloSottile FiloSottile added the waiting for info Waiting for feedback from the user label Aug 16, 2019
@darioseidl
Copy link
Author

Thanks, I'll give it a try. v1.4.1 is not out yet, is it?

@darioseidl
Copy link
Author

I tried it now with v1.4.1 (sorry for the long delay) and I get a message The local CA is already installed in Java's trust store! 👍, so this is fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
waiting for info Waiting for feedback from the user
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FiloSottile @darioseidl