Mac sales are 13% down year-on-year because of terrible support like this. And don't bother saying you're 'not Apple support', this is an Apple website and you're supposedly some Level 10 ninja so if they're not paying you then whoever is should fire you because you spend all your time here. You could have explained what this message means and why it's not a problem and how to stop getting it. MacOS and Apple support used to be years ahead of Microsoft/Windows and now it's years behind. I'm typing this on my 7th and last Apple computer. I paid a lot of money for an absolute top of the line MacBook Pro and it has been anything but a premium experience.
Mar 4, 2019 12:01 PM
Almost any website you visit today is protected by HTTPS. If yours isn't yet, it should be. Securing your server with HTTPS also means that you can't send requests to this server from one that isn't protected by HTTPS. This poses a problem for developers who use a local development environment because all of them run on http://localhost out-of-the-box.
Click Utilities, then Keychain Access in the icon grid. Select the login keychain from the list on the left side of the Keychain Access window. If your default keychain has a different name, select that. If the lock icon in the top left corner of the window shows that the keychain is locked, click to unlock it. Adobe After Effects CC 2019 wants to use the 'login' keychain. Please enter the keychain password. Password not working and stuck error message - this is how. I'm getting a pop-up window on MacOS 10.13.6 (.High Sierra') that 'Node wants to use the local items keychain' and I can't get it to go away. Since this is an older iMac, I bit the bullet and did.
At the startup I'm a part of, we decided to secure our AWS Elastic Load Balancer endpoints with HTTPS as part of a move to enhance security. I ran into a situation where my local development environment's requests to the server started getting rejected.
A quick Google search later, I found several articles like this, this or this one with detailed instructions on how I could implement HTTPS on localhost. None of these instructions seemed to work even after I followed them religiously. Chrome always threw a NET::ERR_CERT_COMMON_NAME_INVALID error at me.
The problem
All the detailed instructions I had found were correct for the time they were written. Not anymore.
After a ton of Googling, I discovered that the reason for my local certificate getting rejected was that Chrome had deprecated support for commonName matching in certificates, in effect, requiring a subjectAltName since January 2017.
The solution
We'll be using OpenSSL to generate all of our certificates.
Step 1: Root SSL certificate
The first step is to create a Root Secure Sockets Layer (SSL) certificate. This root certificate can then be used to sign any number of certificates you might generate for individual domains. If you aren't familiar with the SSL ecosystem, this article from DNSimple does a good job of introducing Root SSL certificates.
Generate a RSA-2048 key and save it to a file rootCA.key. This file will be used as the key to generate the Root SSL certificate. You will be prompted for a pass phrase which you'll need to enter each time you use this particular key to generate a certificate.
Node Wants To Use The Local Items Keychain Adobe
You can use the key you generated to create a new Root SSL certificate. Save it to a file namedrootCA.pem. This certificate will have a validity of 1,024 days. Feel free to change it to any number of days you want. You'll also be prompted for other optional information.
Step 2: Trust the root SSL certificate
Before you can use the newly created Root SSL certificate to start issuing domain certificates, there's one more step. You need to to tell your Mac to trust your root certificate so all individual certificates issued by it are also trusted.
Open Keychain Access on your Mac and go to the Certificates category in your System keychain. Once there, import the rootCA.pem using File > Import Items. Double click the imported certificate and change the 'When using this certificate:' dropdown to Always Trust in the Trust section.
Your certificate should look something like this inside Keychain Access if you've correctly followed the instructions till now.
Step 2: Domain SSL certificate
The root SSL certificate can now be used to issue a certificate specifically for your local development environment located at localhost.
Create a new OpenSSL configuration file server.csr.cnf so you can import these settings when creating a certificate instead of entering them on the command line.
Create a v3.ext file in order to create a X509 v3 certificate. Notice how we're specifying subjectAltName Download responsive innovations usb devices driver. here.
Create a certificate key for localhost using the configuration settings stored in server.csr.cnf. This key is stored in server.key.
Node Wants To Use The Local Items Keychain To Be
A certificate signing request is issued via the root SSL certificate we created earlier to create a domain certificate for localhost. The output is a certificate file called server.crt.
Use your new SSL certificate
Macos Node Wants To Use The Local Items Keychain
You're now ready to secure your localhost with HTTPS. Move the server.key and server.crt files to an accessible location on your server and include them when starting your server.
In an Express app written in Node.js, here's how you would do it. Make sure you do this only for your local environment. Do not use this in production.
I hope you found this tutorial useful. If you're not comfortable with running the commands given here by yourself, I've created a set of handy scripts you can run quickly to generate the certificates for you. More details can be found on the GitHub repo.
Node Wants To Use The Local Items Keychain
I love helping fellow web developers. Follow me on Twitter and let me know if you have any suggestions or feedback. If you'd like to show your appreciation towards any of the work I've done, be it a blog post, an open source project or just a funny tweet, you can buy me a cup of coffee.
