Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Useful article for generating SSL certs on Windows


This is just an article I wanted to share that I found useful. I figured it would also be useful to others that are looking at local dev on windows using HTTPS.

The only difference I want to mention, having followed these steps using Git Bash, is something that should be done slightly differently in Step 2 under 2 steps to issue Certificate for a local Domain :

This step provides the following snippet:

openssl x509 \ -req \ -in demo.local.csr \ -CA rootSSL.pem -CAkey rootSSL.key -CAcreateserial \ -out demo.local.crt \ -days 500 \ -sha256 \ -extfile <(echo " \ authorityKeyIdentifier=keyid,issuer\n \ basicConstraints=CA:FALSE\n \ keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n \ subjectAltName=DNS:demo.local \ ")

Running this using a process substitution as the argument for the -extfile option results in this error:

error loading the config file /proc/<pid>/fd/63'

From what I understand, this is because a temporary directory is created in /proc named after the sub process's pid , but the sub process closes and the temporary directory is deleted before the result can be passed as an argument to the above command.

To work around this, I put the temporary config string in a file named similarly to demo.local.cnf , then I used that filename as the argument in place of the process substitution shown above.


I guarantee there are others more experienced with this; this is my first time successfully generating a cert for use locally, and I haven't had a chance to test it out yet.

Feel free to let me know where terminology and understanding needs correction/improvement. It would definitely help me better understand as I learn to work with local dev over HTTPS.

Viewing all articles
Browse latest Browse all 12749

click here for Latest and Popular articles on Search Engine Optimization (SEO)