MKCERT.–创建和信任SSL以进行开发

MKCERT.–创建和信任SSL以进行开发

如果您正在编写代码,则需要SSL进行开发。你可以 自我征兆 a “fake”证书,但您将始终获得浏览器警告。

不再!

MKCERT. 是创造和信任的优秀工具 当地 SSL软件开发证书。

设置

Actually, no setup is required. MKCERT. is a binary file available for any Operating System. You can put it in a directory and run it from there.

在我的情况下:我的工作站运行 Xubuntu. and I will put MKCERT. in /data/apps folder.

从中下载预构建的二进制文件 //github.com/FiloSottile/mkcert/releases

最新版本(此时)是v1.4.2

mkdir -p /data/apps/mkcert
cd /data/apps/mkcert/
wget //github.com/FiloSottile/mkcert/releases/download/v1.4.2/mkcert-v1.4.2-linux-amd64

使它可执行

chmod +x /data/apps/mkcert/mkcert-v1.4.2-linux-amd64

Create a shortcut MKCERT. to execute the program

cd /usr/local/bin
sudo ln -s /data/apps/mkcert/mkcert-v1.4.2-linux-amd64 mkcert

在Linux上,安装 certutil

sudo apt-get install libnss3-tools

创建当地证书颁发机构(CA)

你的本地 证书颁发机构 仅在第一次(一次)创建:

MKCERT.-install
Created a new local CA at "/home/pontikis/.local/share/mkcert" 💥
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊

创建SSL.

示例:创建和信任(本地)域 dev.medisign.docker

First make the available changes to /etc/hosts for example:

172.18.0.10 dev.medisign.docker

然后创建本地证书

MKCERT.dev.medisign.docker
Using the local CA at "/home/pontikis/.local/share/mkcert" ✨
 
Created a new certificate valid for the following names 📜
 - "dev.medisign.docker"
 
The certificate is at "./dev.medisign.docker.pem" and the key at "./dev.medisign.docker-key.pem" ✅

Put the .pem files somewhere in your server (in my case at /etc/ssl-dev) and make the appropriate changes in webserver (Apache in my case) setup

这样的东西:

<IfModule mod_ssl.c>
	<VirtualHost *:443>
		ServerName dev.medisign.docker
		ServerAdmin [email protected]

		DocumentRoot /var/www/html

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		SSLEngine on
		SSLCertificateFile	/etc/ssl-dev/dev.medisign.docker.pem
		SSLCertificateKeyFile /etc/ssl-dev/dev.medisign.docker-key.pem
	</VirtualHost>
</IfModule>

正如您所看到的,SSL从Google Chrome中被视为有效

MKCERT.- SSL for Development - Google Chrome
MKCERT.– Google Chrome

或来自Firefox.

MKCERT.- SSL for Development - Firefox
MKCERT.– Firefox

使证书在其他可信赖的机器中有效

有时您需要您的本地域(和SSL证书)可在您的笔记本电脑上使用 Docker. 容器。或者您需要在使用新的O / S版本设置工作站后使用它们。

Find rootCA.pem using

MKCERT.-CAROOT

结果

/home/pontikis/.local/share/mkcert

Copy rootCA.pem to relevant path in trusted machine and simply run

MKCERT.-install
Using the local CA at "/home/pontikis/.local/share/mkcert" ✨
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊

重要的安全通知

Warning: the file rootCA-key.pem that mkcert automatically generates, gives complete power to intercept secure requests from your machine. 不要在不受信任的机器中分享它。

欢迎您的意见!

MediSign  -  ehr用于小医疗实践

EHR用于小医疗实践

病历。约会。电子发票。

每月9美元