mkcert 证书不适用于本地 IP 地址答案

【问题标题】：mkcert certificate not works on local ip adressmkcert 证书不适用于本地 IP 地址
【发布时间】：2021-09-28 23:46:41
【问题描述】：

我正在尝试将我的应用程序转换为 PWA，我需要在我的 raspberrypi 4 上的 localhost 上使用 https，并且可以在 LAN 上使用 192.168.0.2 访问

证书似乎无效，我不明白我缺少什么。

所有命令均以root用户身份执行，所有步骤均来自GitHub官方页面

mkcert -install

mkcert 192.168.80.2
Using the local CA at "/root/.local/share/mkcert" ✨

Created a new certificate valid for the following names �
 - "192.168.0.2"

The certificate is at "./192.168.0.2.pem" and the key at "./192.168.0.2-key.pem" ✅

mv 192.168.0.2-key.pem /etc/apache2/ssl/192.168.0.2-key.pem
mv 192.168.0.2.pem /etc/apache2/ssl/192.168.0.2.pem

ls -l /etc/apache2/sites-enabled
lrwxrwxrwx 1 root root   29 Jul 21 16:34 hiker.conf -> ../sites-available/hiker.conf

sites-available/hiker.conf

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName 192.168.0.2
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www

    Alias /hiker /var/www/hiker/public

    <Directory /var/www/hiker/public>
        AllowOverride All
        Order Allow,Deny
        Allow from All
   </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName 192.168.0.2
        ServerAdmin webmaster@localsite.test
 
        DocumentRoot /var/www
 
        Alias /hiker /var/www/hiker/public

        <Directory /var/www/hiker/public>
            AllowOverride All
            Order Allow,Deny
            Allow from All
        </Directory>
 
        ErrorLog ${APACHE_LOG_DIR}/localsite-error.log
        CustomLog ${APACHE_LOG_DIR}/localsite-access.log combined
 
        SSLEngine on 
        SSLCertificateFile  /etc/apache2/ssl/192.168.0.2.pem
        SSLCertificateKeyFile /etc/apache2/ssl/192.168.0.2-key.pem
    </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

apachectl configtest
Syntax OK

service apache2 restart

【问题讨论】：

这里没有任何内容表明证书的 CA 在您访问服务器的系统上的浏览器中安装为受信任的。问题的原因很可能是浏览器不信任 CA。
我该怎么办？我的 PWA 测试无法完成，因为它应该使用 https 提供服务，而现在不是：(
查看 mkcert 文档中的 Installing the CA on other systems。
对不起，我不明白“在其他系统上安装 CA”与我有什么关系，我在树莓派上使用了 mkcert..
"Chrome on Windows 10 ..." - 这就是“其他系统”的含义。您需要以某种方式将根 CA 以受信任的方式导入系统，以便浏览器不再抱怨未知的证书颁发机构。如何做到这一点应该很容易找到，关于这个主题有很多资源。

标签： linux apache ssl mkcert

【解决方案1】：

感谢@SteffenUllrich，我找到了解决方案。

我要按照此处“make-computer-trust-certificate-authority”中描述的步骤将 CA 导入 Windows 10

我现在可以进行测试以将我的应用转换为 PWA

【讨论】：