Use angular service-worker with self signed certificate in local network?

My web server is (include version): IIS 10.0

The operating system my web server runs on is (include version): Windows 10

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I want to create a website hosted on an IIS, that also works offline (with angular service-worker) and is only available in our local network. For that I want to use angular service-worker. An SSL-Certificate is needed for them to work in production.
Since the website is not public I don’t think I can get an official certificate using Let’s Encrypt. Therefore I created a self signed certificate using OpenSSL with the following commands:

openssl> genrsa -des3 -out c:\openssl\selfsigned\server.key 2048
openssl> reg -new -key c:\openssl\selfsigned.server\key -sha256 -out c:\openssl\selfsigned\server.crt
openssl> x509 -req -days 365 -in c:\openssl\selfsigned\server.csr -signkey c:\openssl\selfsigned\server.key -sha256 -out c:\openssl\selfsigned\server.crt
openssl> pkcs12 -export -out c:\openssl\selfsigned\server.pfx -inkey c:\openssl\selfsigned\server.key -in c:\openssl\selfsigned\server.crt

I imported the server.pfx on the IIS and set it as the SSL-Certificate for the website. I send the server.crt via mail to an iPad Air 2 with iOS 12.3 and installed it.
Opening the website the first time it says untrusted website but after choosing going forward to the website it works fine and caching and registering new versions of the site works aswell.

Once I close Safari though and open the website again the service-worker don’t work anymore. Well they still open an old cached version but they don’t load new ones until I delete the cache of Safari. I don’t want that since I save information in the localStorage.
When I open https://website/ngsw/state on the client it says TypeError(The Certificate for this Server is invalid) .

Are there more options so the client acceps the website as trusted? Maybe I’m missing something or made a stupid mistake. Any help is appreciated.


Hi @Oliver

is the domain public visible / worldwide unique?

If yes, you can create a Letsencrypt certificate via dns-01 validation. That's possible without having a public visible A/AAAA record with a running webserver.


Hey @JuergenAuer,

Thanks for your quick answer!
The domain only consists of the website and is not public visible.

But is that domain registered? Or is it possible that you register that domain? Or is it possible that you register another domain name and use that?

If yes, you are the worldwide unique domain owner and you are able to create a certificate via dns-01 validation.

The domain is not registered and my boss don’t want it to get public, registered or known outsite of the local network.
I’m sorry yet I’m not well known with this stuff. I’ve been searching for a solution for 2 weeks now and can’t find a solution but still hope there is one.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.