webpack-dev-server: Generated SSL Certificate is not valid (has no CA), and cannot make it as valid and accepted
- Operating System: MacOS Mojave 10.14.3
- Node Version: v11.9.0
- NPM Version: 6.5.0
- webpack Version: 4.0.0-rc.7
- webpack-dev-server Version: 3.1.14
- This is a bug
- This is a modification request
Code
// webpacker.yml
dev_server:
https: true
host: localhost
port: 3035
public: localhost:3035
hmr: true
# Inline should be set to true if using HMR
inline: true
overlay: true
compress: true
disable_host_check: true
use_local_ip: false
quiet: false
headers:
'Access-Control-Allow-Origin': '*'
watch_options:
ignored: '**/node_modules/**'
Expected Behavior
When starting the webpack-dev-server it should generate the SSL certificate which is valid, with the CA, so that when it gets accepted, it doesn’t expire each time.
Or, at least allow passing my own certificate from the file, so that I can generate it on the required domain name, and make it valid like 100 years or so.
Actual Behavior
When starting the webpack-dev-server it generates the SSL certificate which is invalid because it has no CA included. When accepting it manually, the webpack re-generates that certificate several times per day, and each time the certificate needs to be re-accepted in the browser.
That is quite inconvenient.
Also, when trying to pass the self-generated certificates, those parameters get ignored:
./bin/webpack-dev-server -- --open --https --cert ~/.ssl/private.pem --key ~/.ssl/private.key
For Bugs; How can we reproduce the behavior?
Reproduce the invalid CA:
- Start the
webpack-dev-serverso that it generates the SSL certificate. - Open the browser and view the certificate.
It says: “localhost” certificate is not trusted.
If I look into the code, file webpack-dev-server/lib/utils/createCertificate.js, I see the line:
extensions: [
{
name: 'basicConstraints',
cA: true,
},
(notice the lowercase “c” on the “cA”.
I can see it gets better when I do the following:
- I change this “cA” to “CA” in the
createCertificate.jsfile. - Delete the generated pem file:
rm node_modules/webpack-dev-server/ssl/server.pem - Start the
webpack-dev-server
Then I see the warning that the certificate is not verified:
This is one part of the solution.
Still, the issue persists that when I restart the webpack-dev-server, the certificate is expiring often, and I need to re-approve it.
Reproduce the ignoring of certificate parameters
- Generate my own SSL Private Key and Certificate.
- Start the Webpack Dev Server with parameters which should read that file:
./bin/webpack-dev-server -- --open --https --cert ~/.ssl/private.pem --key ~/.ssl/private.key - See that it still generates its own certificate and ignores the parameters.
I have looked into several online resources for this, but they seem to be outdated, as I can’t make any of the solutions work to just have the SSL with the valid certificate which allows to develop normally.
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 20 (11 by maintainers)
@marisveide yep, it is not our area
That’s right - this is an issue: running the command line like this (as explained in the link you sent):
webpack-dev-server --https --key /path/to/server.key --cert /path/to/server.crt --cacert /path/to/ca.pemIt just ignores those parameters, and still generates its own certificate. It doesn’t use my passed certificate. The concrete command I am running, is this:
./bin/webpack-dev-server --https --cert ~/.ssl/private.pem --key ~/.ssl/private.keyI have the certificate issued there on the different domain - not the
localhost. And my generated certificate is set to be valid for 10 years. Here’s how my certificate looks like in KeyChain:But when I run the command to use that certificate with WebPacker
./bin/webpack-dev-server --https --cert ~/.ssl/private.pem --key ~/.ssl/private.key, I still get the localhost certificate, which is valid not 10 years, but 25 days:Can you tell that you have tried to replicate this, but for you, it accepts your custom certificate?