No internet connection
  1. Home
  2. Technical Support

"This root certificate is not trusted"

By Chip @chip
    2024-05-22 19:56:56.390Zassigned to
    • @david
    • Mac OS Sonoma 14.3
    • Chrome Version 124.0.6367.91 (Official Build) (arm64)
    • I tried deleting and re-adding without any change.

    Howdy! I have a new TinyPilot Pro I'm configuring. When I follow the FAQ entry for installing the cert, I get the following error:

    Reply
    • 3 replies
    1. David @david2024-05-23 11:40:45.479Z

      Hi @chip, I'm sorry you're running into this issue installing the certificate on your Mac.

      And thanks for sharing all that information about your setup!

      I've just tested this on my Mac with Chrome, and it seems to work, so we'll have to dig into why this isn't working on your machine.

      Once you've selected "Always Trust" for SSL, you need to close the window. When you close the window, your Mac will prompt you for your password (or finger print) to confirm the new trust setting.

      After saving the trust settings, you should see that the tinypilot-ca item in the list displays a blue + symbol - does that happen on your machine?

      Please let me know if you have any questions.

      Reply
      1. C
        In reply tochip:
        Chip @chip
          2024-05-23 16:07:54.617Z2024-05-23 17:30:19.071Z

          Thanks @david.

          I came back this morning and it looks like the cert is valid. No clue why there was a delay. There wasn't anything in the keychain logs that I saw using

          log show --predicate 'subsystem == "com.apple.securityd" AND message CONTAINS[cd] "Keychain Access"' --info --debug --signpost --style compact

          but I'm not sure if it would show up there anyway.

          I'm still getting a security error... I restarted chrome but the error persists:

          Reply
          1. David @david2024-05-24 11:33:50.690Z

            Thanks for the update, @chip!

            You might be seeing this error because you're accessing your TinyPilot's web interface using its IP address, rather than its hostname.

            TinyPilot's certificate is valid only for its hostname, the .local variant, the .localdomain variant, and its static IP address (if set).

            If you access your TinyPilot's web interface using its hostname, is the certificate valid?

            If you still receive the warning with your TinyPilot's hostname, could you check the certificate's Subject Alternative Name (SAN) information? The SAN information shows the current valid domains / static IP address. You can view the information In Chrome's Certificate Viewer under "Extensions" in the "Certificate Subject Alternative Name" block. You can access the Certificate Viewer by clicking on the "Not Secure" warning in the address bar, clicking "Certificate is not valid", then clicking the "Details" tab.

            I hope that helps! Please let me know if you have any questions.

            Reply
          ReplyAdd progress note