This is probably a noob question, but I must ask as I’ve been searching the internet for the past 2 days, and there is a lot of misinformation out there.
I want to add a certificate to my local development server.
Lots of people on the net say that you can create a self-signed certificate, but these don’t work.
Browsers don’t trust self-signed certificates.
Am I able to get a certificate for my local dev server?
The name of my local server is www.tg.loc.
If it can’t be done here, is it possible via another service?
A follow up question: how do other developers simulate a secure connection in their dev environment?
I’ve always worked on my own, so I don’t often get to learn from others.
Your input will be appreciated.
They have two options, one of which is more work than the other.
They can add trust in their own browsers to a self-signed certificate. Then those browsers will accept that certificate.
They can create their own local certificate authority that can issue the web site certificate, and then add trust in their own browsers for that certificate authority.
In both of these cases, the key point is that the general public will not accept the certificates, which is by design—there’s no reason that the general public should believe the certificates’ contents. So the developers have to take some action to modify their browsers’ trust behavior in order to accept something that’s not publicly-trusted.
Alternatively, some developers might work with a public domain name that they have registered and do control and then get a publicly-trusted certificate for it, even for development purposes.
1. In Server-Daten, I have a hidden test system. A copy of the webserver .NET code that runs under a second port, so it's not possible to connect to that port from outside. Same database server, but completely different webserver code. If it works -> copy the code from that test system to the productive system.
   There I can use the same certificate.
2. Page-development. Customers use their databases daily. But creating a new page is independent. Job done -> add the page to the menu.
3. Ignore it. A service of its own, only connected from the databases. A self-signed certificate (10 years valid) and code that ignores the self-signed error. One time installed, then forget it.
4. Development on the productive system. Crashes sometimes - happens - not really a problem. "check your website" - most things are added directly.
@JuergenAuer
Number 4, development on the server… that’s a bad habit that I need to get out of…
Developers can be quite naughty.
I think I’ll try to figure out how to create my own local certificate authority.
I guess that’s what some of development is about: learning new things, even when they aren’t always practical… lol: developer’s life.
While this tutorial is great (I use it myself), I'm not sure how suited it is for Windows environments. Also, if it's just @poizn99 himself working on his own system (and no one else), why does he need a whole CA setup?
@poizn99 You can also just generate (with OpenSSL for Windows) a self-signed certificate and just use that. If you're the only one working with this and it's just your own workstation, one single certificate will do just fine. No reason to complicate things like setting up a root certificate with intermediate certificates if you're not going to use it.
You can use the guide posted by @stevenzhu for generating the root certificate and just use that.
To answer your question, it was mostly just for learning and getting my server set up correctly.
Self-signed certificates don’t work… I tried.
You have to set up a CA, and create certificates via the CA.
I followed the guide and found something similar for Windows and got it all working.
However, I think the best current resource for solving the problem is mkcert (https://github.com/FiloSottile/mkcert). I’ve been meaning to update the certificates-for-localhost page to link to that.
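
The local certificate authority approach discussed in this thread, sketched with the OpenSSL command line as an added example (it is not code from any of the posts or from the guides they mention). The file names, the CA subject name and the validity periods are constructed for illustration; `www.tg.loc` is the hostname from the question.

```shell
#!/bin/sh
# Added example: private dev CA plus a leaf certificate for one hostname.
# All file names and subject names are constructed for illustration.
set -eu

make_local_ca() {            # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local Dev Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root: the only certificate that gets imported into the trust store.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt"
}

issue_site_cert() {          # $1 = working directory, $2 = hostname
  # Leaf extensions: not a CA, server auth only, hostname carried in subjectAltName.
  cat > "$1/site.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/site.key" -out "$1/site.csr"
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/site.ext" -out "$1/site.crt"
}

verify_site_cert() {         # prints OK if the chain and the hostname both check out
  if openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/site.crt" >/dev/null 2>&1
  then echo OK; else echo FAIL; fi
}

dir=$(mktemp -d)
make_local_ca "$dir"
issue_site_cert "$dir" www.tg.loc
verify_site_cert "$dir" www.tg.loc      # chain to the local CA, name matches
verify_site_cert "$dir" other.tg.loc    # same chain, name not in the SAN
```

Only `ca.crt` is imported into the browser or OS trust store; `ca.key` stays on the workstation, since anyone holding it can issue certificates those browsers will accept.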