How to let Local HTTPS expire after several years

1. The problem I’m having:

Local HTTPS cert expires too soon.

TO let chrome trust the cert, I should export the cert as PKCS#7 version , and use certmgr.msc to reimport the exported cert, and then chrome will trust the cert.

But the default cert expires too soon, and then my chrome will not trust before imported cert, and I will do that export and import again and agin.

So if the default cert will have a longer expire time and so chrome will trust the cert longer?

2. Error messages and/or full log output:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

3. Caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

4. How I installed and ran Caddy:

systemctl start caddy

a. System environment:

windows10

b. Command:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

d. My complete Caddy config:

192.168.0.2 {

        respond "hello"
}

5. Links to relevant resources:

You’re meant to trust the root CA cert, not the leaf cert. The root has a 5 year lifetime.

You can find the root CA cert in Caddy’s storage.

Please upgrade to the latest version, v2.6.4.

After many tries, I can only make chrome trust the cert by export untrusted cert from chrome as PKS#7 format , and re import by certmgr.msc.
And if I import caddy root CA cert (located at pki/authorities/local/root.crt ) by certmgr.msc directly, the chrome can not trust it.

Since both the cert located at the system cert store, why the firstly re imported cert can trust by chrome, but directly imported cert can not trust by chrome ?

Tried again, this time chrome trust the cert. May be some wrong operation. I’ll check it.

Most browsers now ship with their own trust store, so adding the cert to the system’s trust store is sometimes not enough to have browsers also trust it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.