DEV Community

Cover image for Useful article for generating SSL certs on Windows
Elliot Derhay
Elliot Derhay

Posted on

Useful article for generating SSL certs on Windows

This is just an article I wanted to share that I found useful. I figured it would also be useful to others that are looking at local dev on Windows using HTTPS.

The only difference I want to mention, having followed these steps using Git Bash, is something that should be done slightly differently in Step 2 under 2 steps to issue Certificate for a local Domain:

This step provides the following snippet:

openssl x509 \
 -req \
 -in demo.local.csr \
 -CA rootSSL.pem -CAkey rootSSL.key -CAcreateserial \
 -out demo.local.crt \
 -days 500 \
 -sha256 \
 -extfile <(echo " \
    authorityKeyIdentifier=keyid,issuer\n \
    basicConstraints=CA:FALSE\n \
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n \
    subjectAltName=DNS:demo.local \
   ")
Enter fullscreen mode Exit fullscreen mode

Running this using a process substitution as the argument for the -extfile option results in this error:

error loading the config file  /proc/<pid>/fd/63'
Enter fullscreen mode Exit fullscreen mode

From what I understand, this is because a temporary directory is created in /proc named after the sub process's pid, but the sub process closes and the temporary directory is deleted before the result can be passed as an argument to the above command.

To work around this, I put the temporary config string in a file named similarly to demo.local.cnf, then I used that filename as the argument in place of the process substitution shown above.

P.S.

I guarantee there are others more experienced with this; this is my first time successfully generating a cert for use locally, and I haven't had a chance to test it out yet.

Feel free to let me know where terminology and understanding needs correction/improvement. It would definitely help me better understand as I learn to work with local dev over HTTPS.

Top comments (0)