ssl
serve https locally
Create a certificate
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout ~/git/key.pem -out ~/git/cert.pemCurrent directory:
npx http-server -S --cors -C ~/git/cert.pem -K ~/git/key.pem -o --port 3001A specific directory:
npx http-server my-directory -S --cors -C ~/git/cert.pem -K ~/git/key.pem -o --port 3001http.sys
- Demystify http.sys with HttpSysManager by Nicolas Dorier
install certificate authority on android
- Download the certificate authority certificate: myCA.pem
- Settings > Security > Encryption and credentials > Install a certificate > CA certificate
open ssl helpers
Display the subjectAltName of a certificate:
openssl x509 -noout -ext subjectAltName -in ./keys/cert.pemConvert to pfx:
openssl pkcs12 -export -out ./keys/myCA.pfx -inkey ./keys/myCA.key -in ./keys/myCA.pemCreate a CA signed certificate:
openssl genrsa -out linkninja.key
openssl req -new -key linkninja.key -out linkninja.csr -config linkninja.cnf
openssl x509 -req -in linkninja.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out linkninja.pem -sha256 -extfile linkninja.cnf -extensions req_extpersistkeyset
Installed certificates expiring? Use X509KeyStorageFlags.PersistKeySet - What is the impact of PersistKeySet
ssl certificate binding
bind a certificate
netsh http add sslcert ipport=<ipAddress>:<port> ^
certhash={<certificateThumbprint>} appid={<someGuid>}check current bindings
# all
netsh http show sslcert
# single ip/port
netsh http show sslcert ipport=<ipAddress>:<port>remove binding
netsh http delete sslcert ipport=<ipAddress>:<port>errors
When attempting to bind, the following error might occur;
A specified logon session does not exist. It may already have been terminated.
This means a private key needs to be attached to the certificate prior to binding.