Created
March 9, 2018 02:57
Save brucebentley/eb8a97473c9f638228bbcd85d8569d8e to your computer and use it in GitHub Desktop.
#
# Create a temporary directory to store everything while we're working on it.
#
$ mkdir -p ~/Desktop/localhost_cert && cd $_
############################################################
# STEP 1: Root SSL Certificate
############################################################
#
# Generate an RSA-2048 key which you'll use to generate the Root SSL certificate.
# @OUTPUT: rootCA.key
#
$ openssl genrsa -des3 -out rootCA.key 2048
#
# Use the generated key to create a new Root SSL certificate.
# @INPUT: rootCA.key
# @OUTPUT: rootCA.pem
#
$ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
############################################################
# STEP 2: Trust The Root SSL Certificate
############################################################
#
# 2a. Open "Keychain Access" on your Mac
# 2b. Navigate to the "Certificates" category in your "System Keychain"
# 2c. File > Import Items > `rootCA.pem` you generated above
# 2d. Double-click imported certificate and change the "When using this
#     certificate:" dropdown to "Always Trust"
#
############################################################
# STEP 3: Domain SSL Certificate
############################################################
#
# Create a new OpenSSL configuration file `server.csr.cnf` so you can
# import settings when creating the certificate.
# @OUTPUT: server.csr.cnf
#
```
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=US
ST=RandomState
L=RandomCity
O=RandomOrganization
OU=RandomOrganizationUnit
# Placeholder address; substitute your own.
emailAddress=you@example.com
CN = localhost
```
#
# Create a `v3.ext` file in order to create an `X509 v3 Certificate`.
# @OUTPUT: v3.ext
#
```
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
```
#
# Create a private key and a certificate signing request (CSR) for `localhost`
# using the stored input configuration.
# @INPUT: server.csr.cnf
# @OUTPUT: server.key, server.csr
#
$ openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
#
# Sign the CSR with the Root SSL Certificate we created earlier to create a
# domain certificate for `localhost`.
# @INPUT: server.csr, rootCA.pem, rootCA.key, v3.ext
# @OUTPUT: server.crt
#
$ openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
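#
# Added example (not part of the original gist): a sanity check to run on the
# files from STEP 1 and STEP 3 before using them. It confirms that `server.crt`
# chains to `rootCA.pem`, carries the `DNS:localhost` SAN and `CA:FALSE` from
# `v3.ext`, and matches `server.key`. The script name, both function names and
# the throwaway sample CA are assumptions of this example.
#

```shell
#!/bin/sh
# Added example, not from the gist. Usage: sh check_cert.sh ~/Desktop/localhost_cert
# (check_cert.sh, check_localhost_cert and make_sample are names made up here.)

check_localhost_cert() {
    dir=$1
    text=$(openssl x509 -in "$dir/server.crt" -noout -text) || return 1

    # 1. The leaf must chain to the root that was imported into the keychain.
    openssl verify -CAfile "$dir/rootCA.pem" "$dir/server.crt" >/dev/null 2>&1 ||
        { echo "FAIL: server.crt is not signed by rootCA.pem"; return 1; }

    # 2. Browsers match the hostname against subjectAltName rather than CN,
    #    so the SAN from v3.ext must be present in the issued certificate.
    printf '%s\n' "$text" | grep -q 'DNS:localhost' ||
        { echo "FAIL: no DNS:localhost SAN (was -extfile v3.ext used?)"; return 1; }

    # 3. The leaf must not be usable as a CA.
    printf '%s\n' "$text" | grep -q 'CA:FALSE' ||
        { echo "FAIL: basicConstraints CA:FALSE missing"; return 1; }

    # 4. server.key must be the private key of server.crt (RSA modulus match).
    crt_mod=$(openssl x509 -in "$dir/server.crt" -noout -modulus)
    key_mod=$(openssl rsa -in "$dir/server.key" -noout -modulus 2>/dev/null)
    [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ] ||
        { echo "FAIL: server.key does not match server.crt"; return 1; }

    echo "OK: $dir/server.crt"
}

# Constructed sample: a throwaway root and leaf built like STEP 1 and STEP 3, but
# unattended (-subj, no passphrase on the root key). "nosan" as $2 omits -extfile.
make_sample() {
    (
        cd "$1" || exit 1
        printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
            'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
            'subjectAltName = @alt_names' '[alt_names]' 'DNS.1 = localhost' > v3.ext
        openssl genrsa -out rootCA.key 2048
        openssl req -x509 -new -key rootCA.key -sha256 -days 1 -subj '/CN=Sample Root' -out rootCA.pem
        openssl req -new -sha256 -nodes -newkey rsa:2048 -keyout server.key \
            -subj '/CN=localhost' -out server.csr
        if [ "$2" = nosan ]; then ext=''; else ext='-extfile v3.ext'; fi
        openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key \
            -CAcreateserial -out server.crt -days 1 -sha256 $ext
    ) >/dev/null 2>&1
}

if [ -n "${1:-}" ]; then check_localhost_cert "$1"; fi
```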
############################################################
# STEP 4: Storing The Certificate
############################################################
#
# Move the contents of the current `~/Desktop/localhost_cert` to a
# permanent location that you can readily access.
# @EXAMPLE: ~/dev/certs/localhost/**.*
#
$ mv ~/Desktop/localhost_cert ~/dev/certs/localhost
############################################################
# STEP 5: Using The New SSL Certificate
############################################################
#
# @angular/cli should now be accessible at `https://localhost:4200`
#
$ ng serve --ssl --ssl-cert <path-to-cert>/server.crt --ssl-key <path-to-key>/server.key