Last active 1 month ago

Erreur32 revised this gist 6 months ago.

No changes

Cecile Muller revised this gist 6 years ago.

1 file changed, 0 insertions, 0 deletions

2018-https-localhost.md renamed to 2019-https-localhost.md

File renamed without changes

Cecile Muller revised this gist 8 years ago.

1 file changed, 1 insertion, 1 deletion

2018-https-localhost.md

@@ -27,7 +27,7 @@ First, create a file `domains.ext` that lists all your local domains:
27 27
28 28 authorityKeyIdentifier=keyid,issuer
29 29 basicConstraints=CA:FALSE
30 - keyUsage = digitalSignature, nonRepudiation, keyEnciphement, dataEncipherment
30 + keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
31 31 subjectAltName = @alt_names
32 32 [alt_names]
33 33 DNS.1 = localhost
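
Review bot: The corrected `keyUsage` line (new line 30) still requests `nonRepudiation` and `dataEncipherment`, which a TLS server certificate does not need. Since this line is being touched anyway, consider narrowing it to `keyUsage = digitalSignature, keyEncipherment` and adding `extendedKeyUsage = serverAuth`, so the issued certificate is limited to server authentication.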

Cecile Muller revised this gist 8 years ago.

1 file changed, 2 insertions, 1 deletion

2018-https-localhost.md

@@ -1,6 +1,7 @@
1 1 # How to create an HTTPS certificate for localhost domains
2 2
3 - This focuses on generating the certificates for loading local virtual hosts hosted locally on your computer.
3 + This focuses on generating the certificates for loading local virtual hosts hosted on your computer, for development only.
4 +
4 5
5 6 **Do not use self-signed certificates in production !**
6 7 For online certificates, use Let's Encrypt instead ([tutorial](https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8)).
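
Review bot: New line 4 adds a second empty line directly before the existing one at new line 5, so the intro is now followed by two blank lines; drop the added one. The "for development only" added on line 3 also overlaps with the bold warning two lines below it, so the two could be merged into a single statement of scope.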

Cecile Muller revised this gist 8 years ago.

1 file changed, 1 insertion, 1 deletion

2018-https-localhost.md

@@ -50,7 +50,7 @@ You can now configure your webserver, for example with Apache:
50 50 ## Trust the local CA
51 51
52 52 At this point, the site would load with a warning about self-signed certificates.
53 - In order to get a green lock, the local CA has to be added to trusted CA.
53 + In order to get a green lock, your new local CA has to be added to the trusted Root Certificate Authorities.
54 54
55 55
56 56 ### Windows 10: Chrome, IE11 & Edge
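
Review bot: New line 53 names the store "trusted Root Certificate Authorities", but the Windows instructions later in the same file tell the reader to select "Trusted Root Certification Authorities"; use that exact label so it can be matched in the import dialog. Line 52 still calls the warning one about "self-signed certificates" while line 53 talks about trusting a local CA, so the two sentences use different terms for the same problem. Since this sentence asks readers to trust a new root, it is also the place to say that `RootCA.key` has to stay private on the development machine.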

Cecile Muller revised this gist 8 years ago.

1 file changed, 73 insertions

2018-https-localhost.md (file created)

@@ -0,0 +1,73 @@
1 + # How to create an HTTPS certificate for localhost domains
2 +
3 + This focuses on generating the certificates for loading local virtual hosts hosted locally on your computer.
4 +
5 + **Do not use self-signed certificates in production !**
6 + For online certificates, use Let's Encrypt instead ([tutorial](https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8)).
7 +
8 +
9 +
10 + ## Certificate authority (CA)
11 +
12 + Generate `RootCA.pem`, `RootCA.key` & `RootCA.crt`:
13 +
14 + openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA"
15 + openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
16 +
17 + Note that `Example-Root-CA` is an example, you can customize the name.
18 +
19 +
20 + ## Domain name certificate
21 +
22 + Let's say you have two domains `fake1.local` and `fake2.local` that are hosted on your local machine
23 + for development (using the `hosts` file to point them to `127.0.0.1`).
24 +
25 + First, create a file `domains.ext` that lists all your local domains:
26 +
27 + authorityKeyIdentifier=keyid,issuer
28 + basicConstraints=CA:FALSE
29 + keyUsage = digitalSignature, nonRepudiation, keyEnciphement, dataEncipherment
30 + subjectAltName = @alt_names
31 + [alt_names]
32 + DNS.1 = localhost
33 + DNS.2 = fake1.local
34 + DNS.3 = fake2.local
35 +
36 + Generate `localhost.key`, `localhost.csr`, and `localhost.crt`:
37 +
38 + openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost.local"
39 + openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
40 +
41 + Note that the country / state / city / name in the first command can be customized.
42 +
43 + You can now configure your webserver, for example with Apache:
44 +
45 + SSLEngine on
46 + SSLCertificateFile "C:/example/localhost.crt"
47 + SSLCertificateKeyFile "C:/example/localhost.key"
48 +
49 +
50 + ## Trust the local CA
51 +
52 + At this point, the site would load with a warning about self-signed certificates.
53 + In order to get a green lock, the local CA has to be added to trusted CA.
54 +
55 +
56 + ### Windows 10: Chrome, IE11 & Edge
57 +
58 + Windows 10 recognizes `.crt` files, so you can right-click on `RootCA.crt` > `Install` to open the import dialog.
59 +
60 + Make sure to select "Trusted Root Certification Authorities" and confirm.
61 +
62 + You should now get a green lock in Chrome, IE11 and Edge.
63 +
64 +
65 + ### Windows 10: Firefox
66 +
67 + There are two ways to get the CA trusted in Firefox.
68 +
69 + The simplest is to make Firefox use the Windows trusted Root CAs by going to `about:config`,
70 + and setting `security.enterprise_roots.enabled` to `true`.
71 +
72 + The other way is to import the certificate by going
73 + to `about:preferences#privacy` > `Certificats` > `Import` > `RootCA.pem` > `Confirm for websites`.
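
Review bot: Line 14 creates `RootCA.key` with `-nodes`, so the CA private key is written to disk unencrypted, and lines 58-60 then install that CA as a trusted root on the machine. Anyone who can read the key file can issue certificates that this machine's browsers will accept for any hostname, so either drop `-nodes` from the CA command (the signing step on line 39 will then prompt for the passphrase) or tell readers to restrict access to `RootCA.key` and to remove the root from the trust store once it is no longer needed. Smaller points: `keyEnciphement` on line 29 is misspelled (`keyEncipherment`), the `CN=localhost.local` on line 38 does not appear in the `[alt_names]` list, and `Certificats` on line 73 should read `Certificates`.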