Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Issue with new SHA256 certificates on Windows

See original GitHub issue

I’m submitting a bug report

webpack and webpack-dev-server version: webpack: 2.1.0.beta-25 webpack-dev-server: 2.1.0-beta8

Please tell us about your environment: Windows 10 Running server via CLI (https enabled)

Config:

    devServer: {
        publicPath: "http://localhost:8080/assets/",
        https: true,
        inline: true,
        contentBase: "https://localhost:44392"
    }

Current behavior: New SHA256 certificates are reported as being invalid (The signature of the certificate cannot be verified.) on Windows 10. Browsers refuse to connect.

** Result after verification by certutil **

Issuer:
    CN=localhost
    O=webpack
    S=Some-State
    C=US
  Name Hash(sha1): c09e932a57991f558ce9c1356054b21339ebeea8
  Name Hash(md5): d385876d7cf158cfc6e6bacc097efd90
Subject:
    CN=localhost
    O=webpack
    S=Some-State
    C=US
  Name Hash(sha1): c09e932a57991f558ce9c1356054b21339ebeea8
  Name Hash(md5): d385876d7cf158cfc6e6bacc097efd90
Cert Serial Number: 8dca6301d73b9c66

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_SIGNATURE_VALID (0x8)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_SIGNATURE_VALID (0x8)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

CertContext[0][0]: dwInfoStatus=c dwErrorStatus=28
  Issuer: CN=localhost, O=webpack, S=Some-State, C=US
  NotBefore: 27.08.2016 17.31
  NotAfter: 09.01.2018 17.31
  Subject: CN=localhost, O=webpack, S=Some-State, C=US
  Serial: 8dca6301d73b9c66
  Cert: 5117f06a1d761f80eabb34f7385e3d86721effed
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwErrorStatus = CERT_TRUST_IS_NOT_SIGNATURE_VALID (0x8)
  Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

Exclude leaf cert:
  Chain: da39a3ee5e6b4b0d3255bfef95601890afd80709
Full chain:
  Chain: 5117f06a1d761f80eabb34f7385e3d86721effed
  Issuer: CN=localhost, O=webpack, S=Some-State, C=US
  NotBefore: 27.08.2016 17.31
  NotAfter: 09.01.2018 17.31
  Subject: CN=localhost, O=webpack, S=Some-State, C=US
  Serial: 8dca6301d73b9c66
  Cert: 5117f06a1d761f80eabb34f7385e3d86721effed
The signature of the certificate cannot be verified. 0x80096004 (-2146869244 TRUST_E_CERT_SIGNATURE)
------------------------------------
CertUtil: -verify command FAILED: 0x80096004 (-2146869244 TRUST_E_CERT_SIGNATURE)
CertUtil: The signature of the certificate cannot be verified.

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
stoffeastromcommented, Nov 4, 2016

Oh yes, I forgot that I have to click Advanced -> continue to unsecure… bl bla thanks

0reactions
SpaceK33zcommented, Nov 4, 2016

But you can click on something like continue, right? The cert authority is invalid because it’s a fake cert.

Read more comments on GitHub >

github_iconTop Results From Across the Web

2019 SHA-2 Code Signing Support requirement for Windows ...
The signatures are used to authenticate that the updates come directly from Microsoft and were not tampered with during delivery. Because of weaknesses...
Read more >
Certificate Services – Migrate from SHA1 to SHA2 (SHA256)
How to migrate from SHA1 to SHA2 (SHA256) before Microsoft pulls support for certificates signed with SHA1 in February 2017.
Read more >
How To Create a SHA-256 Self-Signed Certificate
By default, certificates created through Internet Information Services (IIS) on most Windows OS versions are based on the SHA-1 algorithm ...
Read more >
What supports SHA-256 certificates? - DigiCert Knowledge Base
QuoVadis transitioned to new issuing CAs using the SHA256 algorithm for SSL and code signing certificates. As of February 1, 2014, SHA256 is...
Read more >
The truth about SHA1, SHA-256, dual-signing and Code ...
"Effective January 1, 2016, Windows (version 7 and higher) and Windows Server will no longer trust new code that is signed with a...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Webpack dev server respond 404 if set entry name or output.fileName with prefix ‘/’.

Next page

bundled js cannot be found from webpack-dev-server invoked from gulp.