Thursday, February 21, 2019

Certificate for local dev, demos, etc.

Recently, I played around with the Habitat Home demo from Sitecore, which has replaced the good old legal demo. It can be found here, by the way: https://github.com/Sitecore/Sitecore.HabitatHome.Platform.

It requires a blank Sitecore 9.1 with SXA installed. How to install that is covered in so many blogs that I don't want to repeat it ;).

It also requires running the site in HTTPS mode. No problem, you can just add a self-signed certificate in IIS and use that. But it has always annoyed me that the browser of course does not trust this certificate, and especially in demo scenarios, it is not cool to have "Untrusted connection" shown in the browser.

So creating a locally trusted certificate that you can use for all your local sites is a better way forward in my opinion. And instead of trawling the interweb for a guide, let me just share it here with you ;):

(This way I also have my own guide when I have forgotten the process next time I need to do it!).

Create a certificate

The easiest way I found was to run a PowerShell command in PowerShell ISE.

1. Open PowerShell ISE in admin mode!

2. Run the following command: New-SelfSignedCertificate -DnsName *.dev.local, localhost -CertStoreLocation cert:\LocalMachine\My



Change "*.dev.local, localhost" to whatever makes sense for your environment. Your sites' bindings need to match the domains. The * in front of dev.local means that you can use this certificate for any site that has a URL/binding that ends with dev.local, e.g. https://habitathome.dev.local/ and https://test.dev.local/

Now export the certificate

1. Open mmc.exe

2. If you have not manually messed around with certificates on your PC before, you need to add "certificates" in mmc


2.1. In mmc, click "File" -> "Add/Remove Snap-in.."

2.2. Click on "Certificates" and "Add" and choose "Computer account" -> "Local computer". Then click OK

3. Expand "Certificates (Local Computer)", "Personal", "Certificates"

4. Right click on the certificate you have created (if you used the exact command from above, it will be "*.dev.local"), choose "All tasks" -> "Export..", and follow the export wizard:

4.1. In the export wizard, choose "Yes, export the private key"

4.2. In the next screen choose "Personal Information Exchange" so the certificate will have the .pfx extension. (I do not know if this is important, but it works ;)). Leave all the check boxes as-is.

4.3. Check the "Password" checkbox and give it a password you remember (obviously). The encryption does not matter (I think), so I chose the first option

4.4. Give the exported certificate a name and choose location

4.5. Finish the wizard and you should now have a .pfx file in the chosen location

Import certificate to the trusted root store

1. Still in mmc go to "Console Root" -> "Certificates" -> "Trusted Root Certification Authorities" and right click on "Certificates"



2. Choose "All tasks" -> "Import"

3. Browse for the just created .pfx certificate and follow the guide for importing the certificate, leaving all default choices as-is

That is it! Now you can use your newly created, locally trusted certificate in IIS when setting up HTTPS bindings.

Remember, the binding needs to match the domain you used when creating the certificate. In my case that would be something.dev.local.
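
The same create, export and trust steps as a PowerShell script, as an added example that is not part of the original post; the file paths and test host names are assumptions. It differs from the wizard steps in one place: only the public certificate (.cer) is imported into Trusted Root, so the private key stays in the Personal store.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted version of the MMC steps above.
$dnsNames = '*.dev.local', 'localhost'            # same names as the command above
$pfxPath  = Join-Path $env:TEMP 'dev-local.pfx'   # hypothetical output path
$cerPath  = Join-Path $env:TEMP 'dev-local.cer'   # hypothetical output path

# 1. Create the certificate, with its private key, in LocalMachine\My (Personal).
$cert = New-SelfSignedCertificate -DnsName $dnsNames `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. Export it with the private key as a password-protected .pfx (the wizard's
#    "Yes, export the private key" and "Personal Information Exchange" choices).
$pfxPassword = Read-Host -Prompt 'Password for the .pfx' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# 3. Trust it. Export the public part only and import that into Trusted Root,
#    so the root store does not hold a second copy of the private key.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath `
    -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 4. Check that the Trusted Root entry carries no private key.
$rootCopy = Get-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
if ($rootCopy.HasPrivateKey) {
    throw 'Private key found in Trusted Root store'
}

# 5. Check trust and name matching for the host names the IIS bindings will use.
#    A wildcard covers a single label, so a.b.dev.local is expected to fail.
$hostNames = 'habitathome.dev.local', 'test.dev.local', 'a.b.dev.local'
foreach ($name in $hostNames) {
    $ok = Test-Certificate -Cert $cert -Policy SSL -DNSName $name `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    '{0,-24} valid for SSL: {1}' -f $name, [bool]$ok
}

# The thumbprint identifies the certificate when selecting it for a binding.
"Thumbprint: $($cert.Thumbprint)"
```

The .pfx contains the private key, so store it like any other credential and delete it once it is no longer needed.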

 
BIG DISCLAIMER:
I do not know much about certificates, so if any of the above is stupid, does not make sense, or should be done differently, do write a comment about it!


//If you find this post informational/misleading/educational/whatever, please provide a comment.

//Also it would be nice with just a HI, so I know real people are actually seeing my posts ;)









