loading...
Cover image for Useful article for generating SSL certs on Windows

Useful article for generating SSL certs on Windows

jsn1nj4 profile image JSn1nj4‍‍👨‍💻 ・2 min read

This is just an article I wanted to share that I found useful. I figured it would also be useful to others that are looking at local dev on Windows using HTTPS.

The only difference I want to mention, having followed these steps using Git Bash, is something that should be done slightly differently in Step 2 under 2 steps to issue Certificate for a local Domain:

This step provides the following snippet:

openssl x509 \
 -req \
 -in demo.local.csr \
 -CA rootSSL.pem -CAkey rootSSL.key -CAcreateserial \
 -out demo.local.crt \
 -days 500 \
 -sha256 \
 -extfile <(echo " \
    authorityKeyIdentifier=keyid,issuer\n \
    basicConstraints=CA:FALSE\n \
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n \
    subjectAltName=DNS:demo.local \
   ")

Running this using a process substitution as the argument for the -extfile option results in this error:

error loading the config file  /proc/<pid>/fd/63'

From what I understand, this is because a temporary directory is created in /proc named after the sub process's pid, but the sub process closes and the temporary directory is deleted before the result can be passed as an argument to the above command.

To work around this, I put the temporary config string in a file named similarly to demo.local.cnf, then I used that filename as the argument in place of the process substitution shown above.

P.S.

I guarantee there are others more experienced with this; this is my first time successfully generating a cert for use locally, and I haven't had a chance to test it out yet.

Feel free to let me know where terminology and understanding needs correction/improvement. It would definitely help me better understand as I learn to work with local dev over HTTPS.

Discussion

pic
Editor guide