Self signed certificate

So I wanted to get a basic setup going on and noticed I require a webserver that supplies on localhost the required files. I’m using nodejs http-server module to quickly deploy a webserver locally, but as it stands the extension manager requires https so I went ahead and created a self-signed key/cert pair with openssl with CN=localhost.

Now this all seems to work as for now, as I can see my set text in config.html in the extension manager. But Chrome will warn me that the website is not secure anymore.

So I wonder now if this is acceptable for testing and if it will have some complications down the road when I want to create a backend for my extension? I have looked quickly into getting a key/cert from letsencrypt but they seem to only service actual webhosts so can someone point me in the right direction to get a proper key/cert from a CA on a Windows platform for localhost private testing if I require a key/cert from a trusted CA.

You might get better going using NGROK to SSL terminate. So boot up NGROK, point your extension to the NGROK HTTPS URL and then NGROK can point to your local http node js server.

https://ngrok.com/

This will avoid certificate faff altogether.

2 Likes

It should work fine, you’ll always get those warnings for the self signed certs (a good thing). As @BarryCarlyon mentioned, if you want to avoid it there are a few services out there to leverage.

Will look into ngrok or some other service, but for now I found an easy way to let Chrome accept self signed certificates supplied from localhost to continue developing, sharing it here for whoever reads this with the same issue 🙂

chrome://flags/#allow-insecure-localhost
2 Likes

I don’t know about Chrome, but if I remember correctly, there’s a difference between just the certificate and if it’s signed by your own CA. Also, you probably could add your certificate to whatever keystore is used, but it could be that this isn’t a recommended workaround for security reasons. Just a few more suggestions to think about.

How do you point the extension URL to ngrok endpoint? For local testing, it seems to be fixed to https://localhost:8080

  • Extensions
  • Edit Extension
  • Versions
  • Manage versions
  • Asset hosting

Awesome, thanks for that.

Here’s how I’m solving the problem using the http-proxy package. This will spawn a proxy server that serves your HTTP destination over HTTPS. Full code:

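// HTTPS front end for a plain-HTTP local server (needs: npm install http-proxy)
const fs = require('fs');
require('http-proxy').createServer({
  // Where decrypted requests are forwarded: the local HTTP webserver
  target: {
    host: 'localhost',
    port: 8009
  },
  // Key/cert pair used to terminate TLS on the listening port
  ssl: {
    key: fs.readFileSync('./key.pem', 'utf8'),
    cert: fs.readFileSync('./cert.pem', 'utf8'),
    passphrase: 'pass' // passphrase entered when key.pem was created
  }
}).listen(8080); // HTTPS is served on port 8080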

This will create an HTTPS server at port 8080 which forwards to your HTTP webserver (running at port 8009 in this example). Here’s a one-liner to create the needed certificate (for testing only, of course):

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj '/CN=localhost'

You will be prompted to enter a passphrase. The example uses pass as the passphrase. Afterwards, it will output the needed key.pem and cert.pem files used in the proxy example.

1 Like
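The suggestion earlier in the thread to sign with your own CA, applied to the openssl step above, as an added example that is not part of any post in this thread: it creates a private dev CA and a CA-signed localhost certificate carrying a subjectAltName, then checks the result. All file names other than key.pem and cert.pem are assumptions.

```shell
#!/bin/sh
# Added example: private dev CA + CA-signed localhost certificate.
# key.pem/cert.pem match the proxy example; other file names are assumed.
# Keys are written unencrypted (-nodes), so this is for local testing only.
# Usage: make_dev_certs ./dev-certs && check_dev_cert ./dev-certs

make_dev_certs() {
  dir=$1
  mkdir -p "$dir" || return 1
  # Own config so the result does not depend on the system openssl.cnf.
  cat > "$dir/dev-ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local Dev CA (constructed)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. Self-signed CA: the only certificate that goes into a trust store.
  openssl req -x509 -config "$dir/dev-ca.cnf" -newkey rsa:2048 -nodes \
    -days 30 -keyout "$dir/ca-key.pem" -out "$dir/ca-cert.pem" \
    2>/dev/null || return 1
  # 2. Server key and signing request for localhost.
  openssl req -config "$dir/dev-ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=localhost" -keyout "$dir/key.pem" -out "$dir/leaf.csr" \
    2>/dev/null || return 1
  # 3. Leaf extensions: browsers match the subjectAltName, not the CN.
  printf '%s\n' 'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' \
    'subjectAltName=DNS:localhost,IP:127.0.0.1' > "$dir/leaf.ext"
  openssl x509 -req -in "$dir/leaf.csr" -days 30 \
    -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
    -extfile "$dir/leaf.ext" -out "$dir/cert.pem" 2>/dev/null || return 1
}

# Succeeds only if cert.pem chains to the dev CA, names localhost in its
# SAN, and cannot itself act as a CA.
check_dev_cert() {
  dir=$1
  openssl verify -CAfile "$dir/ca-cert.pem" "$dir/cert.pem" \
    >/dev/null 2>&1 || return 1
  text=$(openssl x509 -in "$dir/cert.pem" -noout -text) || return 1
  printf '%s\n' "$text" | grep -q 'DNS:localhost' || return 1
  printf '%s\n' "$text" | grep -q 'CA:FALSE'
}
```

Import only ca-cert.pem into the trust store on the development machine, and keep ca-key.pem private, since anyone holding it can issue certificates that machine will trust.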

I do:

php -S 127.0.0.1:8000

Then

./ngrok http 8000

Then copy the NGROK https URL out and apply that to the Testing Base URI. Then I don’t need to make certificates (or open a hole in my firewall if I was doing post backs etc)

Basically I’m not making node SSL terminate as in production, Nginx is SSL terminating for me anyway. So why complicate your node code with it and self certs.

I’m spawning a PHP HTTP server and then point NGROK to it and letting NGROK SSL Terminate. No certificate crap then
