Sample App Self-Signed SSL Creation

Step by step guide to create Self-Signed SSL certificates using OpenSSL

This guide shows how to manually create a self-signed SSL certificate and configure it in the sample app.

Configure SSL for the sample app

Self-signed SSL

Generate Certificates

  • Create a file named domains.ext with the following content.
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = identitydemo.acmeinc.com
  • Open a command prompt, type openssl, and press Enter.
  • Run the following commands to generate certificates.
openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=AcmeInc"

openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

REM Only for Windows
set RANDFILE=.rnd

openssl req -new -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=COUNTRY/ST=STATE/L=Location/O=Example-Certificates/CN=identitydemo.acmeinc.com"

openssl x509 -req -sha256 -days 1024 -in server.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile "domains.ext" -out server.crt

openssl pkcs12 -export -out sslkeystore.p12 -inkey server.key -in server.crt -name sampleapp -passout pass:"<PASSWORD>"
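
The generated files can be checked before anything is installed or copied into the sample app. The script below is an added example, not part of the original guide: the function names and the P12_PASS environment variable are assumptions, and it confirms that server.crt chains to RootCA.pem, covers the hostname, is not a CA, matches server.key, and that the keystore holds the alias given to -name.

```shell
# Added example: checks for the files generated by the commands above.
# Function names and P12_PASS are hypothetical; file names follow the guide.

# verify_server_cert CA_PEM SERVER_CRT SERVER_KEY HOSTNAME
# Prints each failed check and returns non-zero if any check fails.
verify_server_cert() {
    ca=$1; crt=$2; key=$3; host=$4; rc=0

    # 1. server.crt must chain to the root CA that clients will trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt is not signed by $ca"; rc=1; }

    # 2. The hostname must be covered by subjectAltName (from domains.ext).
    #    -checkhost reports its result as text, so match on the output.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match certificate' ||
        { echo "FAIL: $host is not covered by $crt"; rc=1; }

    # 3. The leaf must not be usable as a CA (basicConstraints = CA:FALSE).
    openssl x509 -in "$crt" -noout -text 2>/dev/null | grep -q 'CA:FALSE' ||
        { echo "FAIL: $crt lacks basicConstraints CA:FALSE"; rc=1; }

    # 4. server.key must be the private key for server.crt:
    #    both must yield the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $crt"; rc=1; }

    return "$rc"
}

# check_p12_alias P12_FILE ALIAS
# Succeeds if the keystore opens with the password in $P12_PASS and holds
# an entry named ALIAS. The password is read from the environment so it
# does not appear in the process list.
check_p12_alias() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -q "friendlyName: $2\$"
}

# Usage: sh check.sh RootCA.pem server.crt server.key identitydemo.acmeinc.com
if [ "$#" -eq 4 ]; then verify_server_cert "$@"; fi
```

The alias confirmed by check_p12_alias is the value that server.ssl.key-alias must carry in application.yml.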

Install certificates   

  1. Install RootCA.crt certificate.
  2. Double click on certificate and click on Install certificate.
  3. On Windows, select Local Machine and proceed.
    a. On Windows, select Trusted Root Certification Authorities as shown in the below image.

[Image: Select Trusted Root Certification Authorities]

  4. On MacOS, select "System"

[Image: Root CA]

  5. Repeat steps 2-4 to install server.crt certificate.

DNS Aliasing

  • Add an entry to the hosts file.

    On Windows, edit the C:\Windows\System32\drivers\etc\hosts file.
    On *nix (Linux/Mac) systems, edit the /etc/hosts file.

127.0.0.1 identitydemo.acmeinc.com

SSL Configuration

This section is applicable for both Self Signed SSL and Public SSL certificates.

  • Copy the .p12 file (generated in the Generate Certificates step) and place it under the resources folder: .\Spring-boot\src\main\resources
  • Create a new folder named ssl under the angular project: .\angular
  • Now move the server.crt and server.key files (generated in the Generate Certificates step) to the ssl folder under the angular project.
  • If you have any existing .crt and .key files, rename them to server.crt and server.key.

Update configuration file in sample app

Update application.yml file

  • Update placeholder values in application.yml file located at identity-demo-angular/spring-boot/src/main/resources/application.yml
    • server.ssl.key-alias - Key alias name used at the time of key creation.
    • server.ssl.key-store - Set the key store value to classpath:sslkeystore.p12.
    • server.ssl.key-store-password - The key store password entered while exporting the key.