stevenroose · June 4, 2021 06:25
diff --git a/enable_ssl.dart b/enable_ssl.dart

 void enableSSL() {
  // the password used for the certutil db
  var sslPassword = ""; 

  // the certificate subject
  //  retrieved from certutil with command 
  //   > certutil -d sql:. -L -n my_domain
  //   and look for the "Subject: " line under certificate data
  var certificateName = "CN=mydomain.com,OU=...";
  
  // init 
  SecureSocket.initialize(database: ".", password: sslPassword);

  // bind
  HttpServer.bindSecure(host, sslPort, certificateName: certificateName).then((server) {
    // ...
  });
 }
diff --git a/setup_ssl.txt b/setup_ssl.txt

 # generate new private key
 openssl req -out my_domain.csr -new -newkey rsa:2048 -nodes -keyout my_domain.key

 # send the CSR to the SSL provider to issue a certificate
 # files received from SSL provider:
 #  - AddTrustExternalCARoot.crt
 #  - COMODORSAAddTrustCA.crt
 #  - COMODORSADomainValidationSecureServerCA.crt
 #  - my_domain.crt

 # create a new database
 certutil -d sql:. -N

 # add the root certificate (from SSL provider)
 certutil -d sql:./ -A -t "C,," -n AddTrustExternalCARoot -i AddTrustExternalCARoot.crt

 # add intermediate vertificates (from SSL provider)
 certutil -d sql:./ -A -t ",," -n COMODORSAAddTrustCA -i COMODORSAAddTrustCA.crt
 certutil -d sql:./ -A -t ",," -n COMODORSADomainValidationSecureServerCA -i COMODORSADomainValidationSecureServerCA.crt

 # add my domain certificate (from SSL provider)
 certutil -d sql:./ -A -t "P,," -n my_domain -i my_domain.crt


 # with this config, the server (its a primitive Dart server) gives this error:
 # > Cannot find private key for certificate

 # convert the private key to a pkcs12 key (thanks to Eric Darchis, http://stackoverflow.com/a/27176982/749521)
 openssl pkcs12 -export -out my_domain.p12 -inkey my_domain.key -in my_domain.crt -certfile COMODORSADomainValidationSecureServerCA.crt

 # add the key to the database
 pk12util -i my_domain.p12 -d sql:.

 # put the 2 .db files into the bin/ folder of the Dart server project

 # celebrate

	void enableSSL() {
	// the password used for the certutil db
	var sslPassword = "";

	// the certificate subject
	// retrieved from certutil with command
	// > certutil -d sql:. -L -n my_domain
	// and look for the "Subject: " line under certificate data
	var certificateName = "CN=mydomain.com,OU=...";

	// init
	SecureSocket.initialize(database: ".", password: sslPassword);

	// bind
	HttpServer.bindSecure(host, sslPort, certificateName: certificateName).then((server) {
	// ...
	});
	}

	# generate new private key
	openssl req -out my_domain.csr -new -newkey rsa:2048 -nodes -keyout my_domain.key

	# send the CSR to the SSL provider to issue a certificate
	# files received from SSL provider:
	# - AddTrustExternalCARoot.crt
	# - COMODORSAAddTrustCA.crt
	# - COMODORSADomainValidationSecureServerCA.crt
	# - my_domain.crt

	# create a new database
	certutil -d sql:. -N

	# add the root certificate (from SSL provider)
	certutil -d sql:./ -A -t "C,," -n AddTrustExternalCARoot -i AddTrustExternalCARoot.crt

	# add intermediate vertificates (from SSL provider)
	certutil -d sql:./ -A -t ",," -n COMODORSAAddTrustCA -i COMODORSAAddTrustCA.crt
	certutil -d sql:./ -A -t ",," -n COMODORSADomainValidationSecureServerCA -i COMODORSADomainValidationSecureServerCA.crt

	# add my domain certificate (from SSL provider)
	certutil -d sql:./ -A -t "P,," -n my_domain -i my_domain.crt


	# with this config, the server (its a primitive Dart server) gives this error:
	# > Cannot find private key for certificate

	# convert the private key to a pkcs12 key (thanks to Eric Darchis, http://stackoverflow.com/a/27176982/749521)
	openssl pkcs12 -export -out my_domain.p12 -inkey my_domain.key -in my_domain.crt -certfile COMODORSADomainValidationSecureServerCA.crt

	# add the key to the database
	pk12util -i my_domain.p12 -d sql:.

	# put the 2 .db files into the bin/ folder of the Dart server project

	# celebrate