I’m a web developer working on an app running in Docker on my MacBook. Chrome, Edge and Safari trust the self-signed certificate that has been imported into the Mac’s root certificate store and have no security issues, but when I try and access the web app, I’m hit with “Warning: Potential Security Risk Ahead” and the error code is MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY

I really miss Firefox, particularly the multi-account containers feature. What do I need to do so that Firefox will trust my certificate for my local web app?

  • I haven’t seen that particular error before, but based on the error name it sounds like you may be using the generated root CA cert directly as the cert served by your app. You’ll want to generate a leaf cert off of the root and have your app serve that locally.

    • Seconded. I use self signed certs all the time, but never the root CA cert. I also don’t add my cert at the OS level, I just add it at the browser level