(failed)net::ERR_CERT_AUTHORITY_INVALID
777 views
Skip to first unread message
Chakradhara Rao Gatti
Jan 30, 2023, 1:16:22 AM1/30/23
to Chromium Extensions
We are migrating our addon to manifest V3 version. In that process we started using the fetch api (instead of jquery ajax requests) to send api requests in the background page. Our server is self signed. The fetch api sometimes works fine and sometimes it throws the net::ERR_CERT_AUTHORITY_INVALID error. The same api requests worked fine in manifest v2 when we were using jquery ajax requests.
How do I solve this error ?
Stefan Van Damme
Jan 30, 2023, 8:48:49 AM1/30/23
to Chromium Extensions, chakrad...@gmail.com
Hi Chakrad,
Can you verify that your computer's time is set to the correct date and time? And synchronized with a time server.
Thanks,
Chakradhara Rao Gatti
Jan 31, 2023, 2:25:42 AM1/31/23
to Chromium Extensions, stefa...@gmail.com, Chakradhara Rao Gatti, chakra...@zohocorp.com
Hi Stefan,
My computer is correctly synchronized to a time server. The extension development and the server are on the same computer.
So whenever we access our server for the first time in the browser, the below warning is shown :
We will click on advanced option and proceed to the website. In the addon side , the jquery ajax requests to the server works fine if we had clicked procced to the above warning.
But the fetch api requests are failing after working a few times.
Regards,
Chakri
Chakradhara Rao Gatti
Feb 7, 2023, 8:07:15 AM2/7/23
to Chromium Extensions, Chakradhara Rao Gatti, stefa...@gmail.com
Hello Stefan,
Any update for this ?
Regards,
Chakri
Ibrahim
Feb 8, 2023, 7:38:41 AM2/8/23
to Chromium Extensions, chakrad...@gmail.com, stefa...@gmail.com
ERR_CERT_COMMON_NAME_INVALID is an error that shows up when the hostname registered inside the TLS certificate does not match the hostname in the URL that you try to access.
There are two possible fixes:
1) make sure that the URL to your API has the correct hostname
2) Regenerate the TLS certificate on the server to contain the hostname you are trying to access
Simeon Vincent
Feb 8, 2023, 1:46:02 PM2/8/23
to Ibrahim, Chromium Extensions, chakrad...@gmail.com, stefa...@gmail.com
I'm not aware of any differences between XMLHttpRequest and fetch() when it comes to certificate validation. That's rather odd. Have you tried testing using fetch() in Manifest V2 or in another web browser like Firefox?
Taking a step back, why are you using a self-signed certificate? It can be extremely dangerous to install custom root certificates on your devices as an attacker could observe, intercept, modify, or spoof traffic all SSL traffic on that device.
If you're only using a self signed cert for local development purposes, you may be able to avoid custom certificates entirely. The following quote comes from the red Caution banner at the top of this page:
Most of the time, http://localhost does what you need: in browsers, it mostly behaves like HTTPS 🔒. That's why some APIs that won't work on a deployed HTTP site, will work on http://localhost. What this means is that you need to use HTTPS locally only in special cases (see When to use HTTPS for local development), like custom hostnames or Secure cookies across browsers.
Simeon - @dotproto
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/bccc8b05-bc64-4cc7-8997-f48b044f7010n%40chromium.org.
Reply all
Reply to author
Forward
0 new messages