🔐 American Bakeshop intranet HTTPS

Fix the “site is insecure” warning on this intranet.

This machine needs to trust the American Bakeshop local root certificate. Technitium gets you to the right server; this certificate makes Chrome, Edge, and Firefox trust the HTTPS certificate Apache is already serving.

Windows quick install

Download the installer, run it, then close and reopen your browser. It installs the public root CA only. It does not install any private key.

Download Windows installer Download certificate only
Checking current protocol…
Use DNS names such as admin.ab.home.arpa, not the server IP address.

Manual Windows install

  1. Download ab-dev-root-ca.cer.
  2. Double-click it and choose Install Certificate.
  3. Choose Local Machine if you have admin access, or Current User if you do not.
  4. Choose Place all certificates in the following store.
  5. Select Trusted Root Certification Authorities.
  6. Finish, then restart Chrome or Edge.

Firefox

Firefox may need its own import unless it is configured to use the Windows certificate store.

  1. Open Firefox Settings.
  2. Go to Privacy & Security → Certificates → View Certificates.
  3. Open Authorities → Import.
  4. Select ab-dev-root-ca.cer.
  5. Trust it for identifying websites.

Server admin note

If Apache’s certificate is regenerated with a different mkcert CA, publish the new public root certificate before sending staff to this page.

scripts\publish-ab-root-ca.bat

Never publish rootCA-key.pem or any file ending in -key.pem.

What this fixes

If the browser warning is NET::ERR_CERT_AUTHORITY_INVALID, this page is the correct fix. If the warning is NET::ERR_CERT_COMMON_NAME_INVALID, the Apache certificate is for the wrong hostname and must be regenerated with the right SAN names.

Your certificate should include each hostname people actually type, for example ab.home.arpa, admin.ab.home.arpa, wm.ab.home.arpa, and wholesaler.ab.home.arpa.