dakshshah96 / local-cert-generator Goto Github PK

View Code? Open in Web Editor NEW

966.0 25.0 237.0 8 KB

🚀 A set of scripts to quickly generate a HTTPS certificate for your local development environment.

Shell 100.00%

https ssl-certificate https-certificate

local-cert-generator's Introduction

HTTPS for `localhost`

A set of scripts to quickly generate a HTTPS certificate for your local development environment.

How-to

Clone this repository and cd into it:

git clone https://github.com/dakshshah96/local-cert-generator.git
cd local-cert-generator

Run the script to create a root certificate:

sh createRootCA.sh

Add the root certificate we just generated to your list of trusted certificates. This step depends on the operating system you're running:
- macOS: Open Keychain Access and import the root certificate to your System keychain. Then mark the certificate as trusted.
- Linux: Depending on your Linux distribution, you can use trust, update-ca-certificates or another command to mark the generated root certificate as trusted.

Note: You may need to restart your browser to load the newly trusted root certificate correctly.

Run the script to create a domain certificate for localhost:

sh createSelfSigned.sh

Move server.key and server.crt to an accessible location on your server and include them when starting it. In an Express app running on Node.js, you'd do something like this:

var path = require('path')
var fs = require('fs')
var express = require('express')
var https = require('https')

var certOptions = {
  key: fs.readFileSync(path.resolve('build/cert/server.key')),
  cert: fs.readFileSync(path.resolve('build/cert/server.crt'))
}

var app = express()

var server = https.createServer(certOptions, app).listen(443)

local-cert-generator's People

Contributors

Stargazers

Watchers

Forkers

hatemhosny davitovmasyan swamim dipakdotyadav neomatrixcode danielmorena sdwlig sthagen nikolayvoronchikhin kasiviswanathan3876 lblsa wanjarus jmmalaca niilante mehrdad-shokri robmorgan trasherdk yuchencc trembl edicon minhsonmta ok111net nfhipona raxshan jeremedia ricardo-0x07 kabilan93 pammix86 adoussot dkt201474 lavir marcosaguilera ssatz sreenivasanac nodejsnetwork cjnygard ng-model kenmlee yomaron sitthichai korgoth glaucomorais onewoorks ambarish2013 binoysinha sandeep-cs-dev dungnteva0609 ebriney userolas eduardopintor dogfight360 leogedler rriixx mihaierosx2 anupjha scottming thelebster cs10-labs7-mbp wlfsihua kbrothis feelingcodev punkrockio williamukoh tongtree27 rampagex alexewd schandan18 superiorlu iamdvr upschmidtcreek fisthu nhoxzunbmt hoodasaad smuchka koybe jasonadelia arsenik khanhpoeta yusenjeng reddysainathn amitinsan x2002uwh james-copeland mdeora shekhaua lipten ptzagk cuteofdragon asiainfoliwei ng-parth qlixes diroussel nebbles arshinde123 e01t boyeoffice manask06 miniring xserveraws anupm12

local-cert-generator's Issues

Certificate not trusted

I followed all the steps in your README but the generated certificate does not work.

Certificate not trusted on iOS 13

Hey there, thanks a lot for the article and the lib!

The generated certificate isn't trusted by iOS 13 simulators due to Apple new requirements: https://support.apple.com/en-us/HT210176

Error when running createSelfSigned.sh

Thanks for the guide and repo!

When running sh createSelfSigned.sh, I get the following error:

createSelfSigned.sh: 2: createSelfSigned.sh: Syntax error: "(" unexpected

After tweaking the script to remove the parens and redirect, it works, and looks like this:

#!/usr/bin/env bash
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext

My openssl version is 1.0.2g, running on Ubuntu Linux 17.10.

Add Windows compatibility

README.md steps 1-2 works fine on Windows (will create rootCA.key and rootCA.pem).
Step 3 is related only for OS X.

Trust this certificate after importing it to your System keychain

Windows doesn't have System keychain.
And step 4 fails:

> sh createSelfSigned.sh
createSelfSigned.sh: cannot make pipe for process substitution: Function not implemented
req: Option -config needs a value
req: Use -help for summary.
x509: Cannot open input file server.csr, No such file or directory
x509: Use -help for summary.

days should be less than 826

requirement for trusted certificates has changed to https://support.apple.com/en-us/HT210176

net::ERR_CERT_COMMON_NAME_INVALID with IP Address

Hi Daksh,

Thanks for sharing this resource!

How can I make this work with my local IP address, 192.168.0.5 instead of localhost?

I updated server.csr.cnf to

[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=RandomState
L=RandomCity
O=RandomOrganization
OU=RandomOrganizationUnit
[email protected]
CN = 192.168.0.5

and v3.ext to

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = 192.168.0.5

but Chrome throws GET https://192.168.0.5:5000/socket.io/?EIO=3&transport=polling&t=NDh899k net::ERR_CERT_COMMON_NAME_INVALID

Any help on what I'm missing here :)

Need more details for Linux

Thanks for creating this, I am trying to get this to work on my Linux Ubuntu machine and this step just doesn't have quite enough details that I need:

Linux: Depending on your Linux distribution, you can use trust, update-ca-certificates or another command to mark the generated root certificate as trusted.

I would type trust.... what?
trust Local Certificate and trust rootCA.pem do not work.

or update-ca-certificates... what? just update-ca-certificates doesn't seem to solve it either.

Any help appreciated!

Add a License File

It appears that this repository does not have a license, which may disallow anyone to use its content (read about this here). Thus, would you mind adding a 'LICENSE' file to your repository?

By the way: To choose a license, choosealicense.com and the opensource guide are great places to start looking.
Adding the license to the repo can then easily be done using one of githubs template, as shown here.

Thanks in advance!

_{Issue created using the licenseplate browser extension, which relies on the GitHub API to identify licenses. This is not legal advice.}

[Question] Getting to work without node app? Running on https://192.168.1.11:5000 ?

Hi there I just came from reading:
https://www.freecodecamp.org/news/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec/

And I could follow through, but I have a much simpler setup and I don't want to run a node app. I simply have an html file and I run https://www.npmjs.com/package/serve

to serve it.
Is there a way to include an ssl certificate with such a simple setup?

Also - the reason why I am doing this, is because I want to access a mobile devices deviceorientation. Unfortunately you have to run on https to get some values...
In my case I call my localhost server via the IP in the network, like:
http://192.168.1.11:5000

Of course this should be https.
Even if I got to run your way of having a valid certificate for localhost, would that also be valid for http://192.168.1.11:5000?

Thanks for some clarification. Sorry, I am really not at home with the whole certificate stuff, I just want to run a simple server to execute the most simple javascript... Hach, how darn complicated has the web world become 😅....