I installed Caddy locally on my Mac to try it out. Using this minimal Caddyfile:
foo {
    tls self_signed
    browse
}
And putting 127.0.0.1 foo in my hosts file, Chrome does not accept the certificate:
Your connection is not private
Attackers might be trying to steal your information from foo (for example, passwords, messages, or credit cards).
NET::ERR_CERT_AUTHORITY_INVALID
Subject: Caddy Self-Signed
Issuer: Caddy Self-Signed
Expires on: Jun 29, 2017
Current date: Jun 22, 2017
PEM encoded chain:
Curl also doesn’t like it:
❯ curl -v https://foo:2015
* Rebuilt URL to: https://foo:2015/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to foo (127.0.0.1) port 2015 (#0)
* SSL certificate problem: Invalid certificate chain
* Curl_http_done: called premature == 1
* Closing connection 0
The setup is too minimal for anything to be configured wrong, I think. Is the self-signed certificate process broken maybe?