I want to know how to start a react app which was made using the create-react-app command in https instead of HTTP?
Use something like Root SSL certificate
Generate a key
openssl genrsa -des3 -out rootCA.key 2048
With they key you can generate a certificate which is good for 1,024 days
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
Open keychain access on your Mac and go to the certificates category and emport that rootCA.pem generated from the last step. Double click and under "When using this certiciate" select 'Always Trust'
Create an OpenSSL configuration file
server.csr.cnf
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=US
ST=RandomState
L=RandomCity
O=RandomOrganization
OU=RandomOrganizationUnit
emailAddress=hello#example.com
CN = localhost
Create a v3.ext file to create a X509 v3 certificate.
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = #alt_names
[alt_names]
DNS.1 = localhost
Create a certificate key for localhost using the configuration settings stored in server.csr.cnf. This key is stored in server.key.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
A certificate signing request is issued via the root SSL certificate we created earlier to create a domain certificate for localhost. The output is a certificate file called server.crt.
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
You’re now ready to secure your localhost with HTTPS. Move the server.key and server.crt files to an accessible location on your server and include them when starting your server.
In an Express app written in Node.js, here’s how you would do it. Make sure you do this only for your local environment. Do not use this in production.
var path = require('path')
var fs = require('fs')
var express = require('express')
var https = require('https')
var certOptions = {
key: fs.readFileSync(path.resolve('build/cert/server.key')),
cert: fs.readFileSync(path.resolve('build/cert/server.crt'))
}
var app = express()
var server = https.createServer(certOptions, app).listen(443)
Check https://github.com/dakshshah96/local-cert-generator/ for more detailed instructions
Adding on to the solution provided by Mark, to import the certificate you must click File > Import Items. Then, search for the certificate on your hard drive. After doing so you can proceed with the remaining steps.
Related
What I have done?
Genrared SSL Root Certificate and normal certificate and sign is using root crt and OpenSSL from batch code:
openssl req -x509 -newkey rsa:4096 -days 1825 -keyout ca-key.pem -out ca-cert.pem
openssl req -newkey rsa:4096 -keyout server-key.pem -out server-req.pem
openssl x509 -req -in server-req.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
What is the issue?
Then I open signed server certificate it don't show chain that lead to Root certificate.
For what result I am looking?
Fix/New openssl command or any other thing that would chain thoose certificate and can be done using batch script.
Solution should looks like this:
(But in certificate path in image 1 you cann't see the root one.)
ps: YouTube tutorial I was using.
Certificate was detected as self-signed and Root CA wasn't installed
I'm setting up a https certificate for my react web page using create-react-app, and I've managed to make it work using an autosigned rsa certificate but not with an elliptic curve autosigned certificate (nor with a real certificate using ec signed by a ca).
I've made .key and .crt with openssl:
rsa (works):
openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out my_rsa.crt -keyout my_rsa.key
ecc (does not work):
openssl ecparam -genkey -name secp384r1 | openssl ec -out my_ecc.key && openssl req -x509 -new -key my_ecc.key -out my_ecc.crt
Also i've made a signed by ca certificate with elliptic curve as explained in:
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/14/generating-csr-on-apache-opensslmodsslnginx-heroku/
But it's not working either.
I'm using a .env.development file with the enviroment variables:
HTTPS=true
SSL_CRT_FILE=../../.ssl/my_.xxx.crt
SSL_KEY_FILE=../../.ssl/my_xxx.key
but when trying execute npm start y get this error:
The certificate "/home/ba/.ssl/my_ecc.crt" is invalid.
error:0608B096:digital envelope routines:EVP_PKEY_encrypt_init:operation not supported for this keytype
Any help?
Thanks.
Getting ready to move our IdentityServer4 setup from dev to test and I need to get the AddSignerCredentials() piece migrated from AddDeveloperCredentials(). I can generate a private and public RSASecurityKey but I'm unclear as to what RsaSecurityKey to pass to AddSignerCredentials(). The discovery endpoint somehow knows about the public key, but we'd want to sign tokens with the private key. Neither seems to work
Is there an example of how to use this somewhere in the documentation that I missed?
Use openSSL to create the certificate using the following demo command in your command prompt:
->OpenSSL req -x509 -newkey rsa:4096 -sha256 -nodes -keyout
IdentityServer4.key -out IdentityServer4.crt -subj
"/CN=IdentityServer4.com" -days 3650
->OpenSSL pkcs12 -export -out IdentityServer4.pfx -inkey
IdentityServer4.key -in IdentityServer4.crt -certfile IdentityServer4.crt
Install that certificate to your current user profile.
Replace
AddDeveloperSigningCredential()
with
AddSigningCredential("ThumbprintOfCertificate", StoreLocation.CurrentUser,NameType.Thumbprint)
That's it.
I have used Postgres and love its way to handle the database connection.
I have to use now Matlab and Physionet's flat database system to retrieve data.
However, I do not understand the logic in some cases, like in ptbdb.
How can you check if a connection exists to a database in Matlab?
How can you monitor what the system is doing when connecting to the database?
It would be very nice to be able to ping the system or something like that to know what is the problem. I get no information now what is the problem.
My connection was disconnected continuously because it was not secure.
The topic is about secure connection between Matlab and PostgreSQL, which is undocumented widely, for instance, discussed here about Secure SSL connection between Matlab and PostgreSQL.
Summary of the blog post
Make appropriate changes in
Generate certificate for the server; diseserver.csr, root.crt; postgreSQL directry (diseserver.key, diseserver.crt, and root.crt); please see more precisely here
postgresql.conf
pg_hba.conf
generate client certificates
convert key to pkcs8 format
check correct version of JDBC driver
check client certificate
dbtest.m
Certificate for the server
$openssl req -out diseserver.csr -new -newkey rsa:2048 -nodes -keyout diseserver.key
postgresql.conf
ssl = on
ssl_cert_file = 'diseserver.crt' # (change requires restart)
ssl_key_file = 'diseserver.key' # (change requires restart)
ssl_ca_file = 'root.crt' # (change requires restart)
pg_hba.conf
hostnossl all all 0.0.0.0/0 reject
hostssl mytable all 0.0.0.0/0 cert map=ssl clientcert=1
Generate client certificates
$mkdir ~/.postgresql
$cd ~/.postgresql
$openssl req -out postgresql.csr -new -newkey rsa:2048 -nodes -keyout postgresql.key
Convert key to pkcs8 format
$openssl pkcs8 -topk8 -inform PEM -outform DER -in postgresql.key -out postgresql.pk8 -nocrypt
Check client certificate
jdbc:postgresql://diseserver.mydomain.org/mytable?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&
dbtest.m matlab function
function dbtest
driver = 'org.postgresql.Driver';
[~,username] = system('whoami');
url = 'jdbc:postgresql://diseserver.mydomain.org/mytable?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&';
myconn = database('mytable', username, '', driver, url);
if ~isempty(myconn.Message)
fprintf(2,'%s\n', myconn.Message);
else
fprintf(1, 'Connected!\n');
end
end
In order to enable SSL in Appengine.
I try to enable SSL for my custom domain
So far I found this article:
setup SSL on AppEngine... Assigned URLs "empty"
openssl genrsa -out rsaprivkey.pem 1024
openssl req -new -x509 -key rsaprivkey.pem -out dsacert.pem
then I uploaded the generated .pem to google app SSL setting page
dsacert.pem > PEM encoded X.509 certificate
rsaprivkey.pem > Unencrypted PEM encoded RSA private key
However, I got this error message after Upload.
What should I do next?
Domain name in certificate should only contain allowed characters (RFC
1034).
Solve!
It this article
setup SSL on AppEngine... Assigned URLs "empty"
when open ssl asks you questions for your app's name, make sure to
include the entire url as in your answer, www.abc.com to secure
https://www.abc.com
But I didn't find any place to enter my app's name during the openssl pem generation at first.
finally I find out the domain should be filled in organization and common name fields.
http://www.rackspace.com/knowledge_center/article/generate-a-csr-with-openssl
Organization Name (eg, company) [Internet Widgits Pty Ltd]: > example.com
Common Name (eg, YOUR name) > *.example.com