Trusted Self-signed SSL Certificate and local domains for testing
#security #ssl #trustedslefsignedssl
References
https://gist.github.com/techforum-repo/ff455cf310982e815423c745494e7bc0
https://gist.github.com/techforum-repo/7298e034e2d88a5a64ed7516570d6236
https://gist.github.com/techforum-repo/5b8eea0112d930a30b991a35c42bd7ae
https://gist.github.com/techforum-repo/dd9d7e3b772646423a4917772366f712
When testing applications locally, we often need domains other than localhost, along with self-signed SSL certificates that the browser trusts.
Let us now see how to quickly set up local domains and a trusted self-signed certificate for testing on Windows; the same approach can be used on other systems with some additional steps.
Sometimes we need different domains to test our application in the development environment. Setting up DNS costs more time and money; local domains let us test applications quickly in development environments.
I am going to define the following test domains: myexample.com, sub.myexample.com and myexample1.com
Edit the Windows hosts file, C:\Windows\System32\drivers\etc\hosts, and add the entries below to map the test domains to 127.0.0.1, so that the defined domains reach the application running on localhost on the same machine.
127.0.0.1 myexample.com
127.0.0.1 sub.myexample.com
127.0.0.1 myexample1.com
Let us now create a self-signed certificate through OpenSSL
Create an RSA-2048 key and save it to a file rootCA.key
openssl genrsa -des3 -out rootCA.key 2048
“Enter passphrase for rootCA.key” — enter a passphrase and store it securely.
Create a root certificate from the generated key
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1460 -out rootCA.pem
Change the validity days as needed
“Enter passphrase for rootCA.key” — enter the passphrase used while generating the root key
Enter the other optional information
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: MN
Locality Name (eg, city) []:Eagan
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Tech Forum
Organizational Unit Name (eg, section) []:Marketing
Common Name (e.g. server FQDN or YOUR name) []: Local certificate
Email Address []:admin@techforum.com
Now that the root certificate is ready, let us trust the root SSL certificate on the local system.
Run the command below from a command prompt (with elevated access)
certutil -addstore -f "ROOT" rootCA.pem
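Now the root certificate is added to the “Trusted Root Certification Authorities” store, so any certificate signed with rootCA.key is trusted on this machine; keep that key and its passphrase private.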
You can verify the certificate through Certificate Manager or Certmgr.msc
The root certificate can also be managed through browsers. In Chrome, navigate to Settings → Privacy and Security → Security → Manage Certificates → Trusted Root Certification Authorities
You can import/export and remove the certificate (the certificate can’t be removed if it was imported through Certmgr.msc)
If you use Firefox for local testing, it will not consider the root certificates from the Windows certificate store (Chrome and Edge use the root certificates from the Windows store), so the self-signed root certificate must be imported into Firefox separately.
Navigate to Options → Privacy and Security → Security → Certificates → View Certificates
You can import/export and remove certificates here. Import the rootCA certificate generated in the earlier steps and select “Trust this CA to identify websites”
The root certificate is now trusted. Let us issue an SSL certificate to support our local domains (myexample.com, sub.myexample.com, myexample1.com, and localhost) for testing.
Create a new OpenSSL configuration file, server.csr.cnf, so that the configuration details can be used while generating the certificate.
Create a v3.ext file with the list of local SAN domains.
Create a private key and CSR (Certificate Signing Request) for the localhost certificate
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
The private key is stored in server.key, unencrypted because of the -nodes option.
Let us issue a certificate via the root SSL certificate and the CSR created earlier.
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
“Enter passphrase for rootCA.key:” enter the passphrase used while generating the root key
The output certificate is stored in a file called server.crt.
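The issuance steps above, run non-interactively in a scratch directory and then checked, as an added example that is not the author's gist files. The contents of rootCA.cnf, server.csr.cnf and v3.ext, the -passin/-passout demo passphrase, and the function names issue_chain and covers_host are assumptions.

```sh
# Added example: file contents and passphrase are constructed assumptions, not the
# author's gists. issue_chain DIR builds the root CA and server cert inside DIR.
issue_chain() (
  cd "$1" || exit 1
  pass='pass:demo-only'   # constructed; the page types it at the prompt instead
  cat > rootCA.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Local certificate
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  cat > server.csr.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
CN = localhost
EOF
  cat > v3.ext <<'EOF'
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = myexample.com
DNS.2 = sub.myexample.com
DNS.3 = myexample1.com
DNS.4 = localhost
EOF
  # Same four commands as the page, then confirm the leaf chains to the root.
  openssl genrsa -des3 -passout "$pass" -out rootCA.key 2048 2>/dev/null &&
  openssl req -x509 -new -key rootCA.key -passin "$pass" -sha256 -days 1460 \
    -config rootCA.cnf -out rootCA.pem &&
  openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 \
    -keyout server.key -config server.csr.cnf 2>/dev/null &&
  openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key \
    -passin "$pass" -CAcreateserial -out server.crt -days 500 -sha256 \
    -extfile v3.ext 2>/dev/null &&
  openssl verify -CAfile rootCA.pem -purpose sslserver server.crt >/dev/null
)

# covers_host CERT HOST: true only if HOST matches the cert's subjectAltName.
covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}
```

A name that is not listed in v3.ext, such as www.myexample.com, fails covers_host, which is how a browser name-mismatch error shows up before the server is even started.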
Let us now enable the certificate for the local server. I am going to configure the certificate with an Express.js application to enable trusted SSL communication.
Now the certificate is trusted by the browser for the test domains: myexample.com, sub.myexample.com, myexample1.com, and localhost
Video “Trusted Self-signed SSL Certificate and local domains for testing” from the Tech Forum channel