How to generate error-free SSL certificates.

0
66

Hello! I hope you’re all right. In the previous post, we learned how to generate self-signed SSL certificates on Windows Server 2019. Additionally, we saw that these certificates allow us to test the https protocol on our web pages. This is very useful for intranet use or web development. However, we saw that opening the page generated a security error message. It is necessary to modify the security policies of the browser and add an exception to the website to continue browsing. Even so, the browser still appeared a warning. To me in particular, this warning is really uncomfortable. These errors are generated because the certificates are not really valid. They are not signed by a trusted certifier but are self-signed by the local machine itself. That’s why I’m going to show you how to generate error-free SSL certificates.

Create a virtual certifier entity.

In order to generate these certificates, it is necessary to use an opensource program called mkcert. Let me explain how this application works. Instead of generating self-signed certificates, it creates a local virtual certification authority that is added to the trusted root certificates authorities. Since the function of the program has been explained, please go to the download page to select the executable file.

Downloading the executable file
Downloading the executable file

This file is the program itself, no need to install or download other dependencies. We only have to run it using a Command Prompt. For ease of use, I recommend locating the downloaded file in a dedicated folder and renaming it to mkcert.exe. To do this, just click on the newly downloaded file, right-click and select properties. Furthermore, in the box corresponding to the file name, enter the new value. Then press OK to save the changes.

Renaming the file to mkcert.exe
Renaming the file to mkcert.exe

Once downloaded the file you have to open a Command Prompt. With this in mind, press the Win+R combination, and in the box type CMD:

Running a Command Prompt
Running a Command Prompt

Then in Command Prompt, you have to use the cd command to navigate to the folder where you placed the file. Then execute the following command:

 mkcert -install 

the system will display a security warning indicating that a trusted root certificate will be installed for your certifier body. Just accept to install the certificate.

installing the virtual certifier body
installing the virtual certifier

If everything is OK, you will see a confirmation message on the console with the warning that firefox support is not yet available.

Successfully Mkcert installed
Successfully Mkcert installed

Generating certificates with mkcert

To generate a certificate we just have to type the command mkcert followed by the domain name for which we want to generate the certificate. For example, if we want to generate it for localhost site, we will use the following syntax:

 mkcert localhost 

Executing this command will result in a digital certificate and a private key file in PEM format. This class of certificates is most commonly used on Mac, Linux, Apache or Nginx. But to generate a certificate suitable for our Windows platform, it is necessary to generate it in PKCS 12 format. With this intention, you have to add the parameter -pkcs12, so that the syntax will be this way:

mkcert -pkcs12 localhost

When entering the command, we will see the following message in the cmd:

Generating a certificate suitable for Windows
Generating a certificate suitable for Windows

Please note that the encryption password is changeit, as seen in the Command Prompt. This password will be asked for later.

Installing the certificate.

In the first place, you have to locate the certificate you just generated. This is in the folder where you saved the program. Its name is localhost.p12. Once there, double click on it to start the installation. Select Local Machine and press Next to continue the installation.

Select Local Machine
Select Local Machine

The wizard will ask you to confirm the certificate you want to import.

Specify the file to import
Specify the file to import

Remember I asked you to remember the encryption password? Then it’s time to add it to install the certificate.

Introducing the password
Introducing the password

On the next screen choose the first option.

Automatic selection of certificates
Automatic selection of certificates

Then check the options and press finish to complete the import.

Finishing the import
Finishing the import

A message will confirm that the process has been successfully completed.

Binding the SSL certificate

Once we have created and installed the certificate, it is time to bind it to the website. To do this, we will use the Internet Information Service Manager. To know everything about this tool I invite you to see our tutorial about IIS. First of all, we will check if the certificate is correctly installed. With this in mind, in the left column select the server, and in the central panel choose Server Certificates. Then, in the right column, place the action Open Feature

IIS manager
IIS manager

The list of available certificates will open. For now, we’ll only see the one we just added.

Server Certificates
Server Certificates

Finally, we will bind the certificate to the website. To see how it’s done, check the link above. Here I only show you the correctly added certificate.

Successfully added certificate
Successfully added certificate

Testing the certificate on the website

In the same menu above, please select Browse *.443 (https). This action will launch the web page, using the https protocol that allows the SSL certificate.

Launching https navigation on the website
Launching https navigation on the website

In the web browser, we will see the indicative padlock that we are using https.

Testing the SSL certificate on Opera
Testing the SSL certificate on Opera
Testing the SSL certificate on Edge Beta
Testing the SSL certificate on Edge Beta
Testing the SSL certificate on Chrome
Testing the SSL certificate on Chrome

Well, finally we have learned how to generate SSL certificates that do not cause security errors. It is important to note that these certificates are only valid on our local machine. So if we use them on other computers will not work. However, it is of tremendous help to develop locally. Personally, these articles that involve more research are my favorites. Before I say goodbye, I would like to invite you to our Telegram channel.

Read More

If You Appreciate What We Do Here On OsRadar, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Telegram
  2. Subscribe to our email updates: Sign Up Now
  3. Become a Supporter - Make a contribution via PayPal

We are thankful for your support.

LEAVE A REPLY

Please enter your comment!
Please enter your name here