apache - Trouble getting a self-signed cert working in Postman
I'm not sure which Stack community this belongs in, hoping someone can help me out.

I'm getting into using SSL on my personal sites, and started trying to make a multi-domain self-signed cert for local development (to handle api.mydomain.local, www.mydomain.local, and mydomain.local). I don't know if that was my first mistake, but...

As I couldn't find a single encompassing guide, I started using 2 tutorials (from EasyEngine and DeveloperSide) to create the cert and install it on my host (Win10). I used a DigitalOcean guide to figure out how to set up Apache on my dev server (an Ubuntu VM); there, no big trouble, other than minor issues caused by working from multiple guides at the same time.

I go ahead and try to hit the API in Chrome, and it gives me the untrusted certificate value expected; I pass it, and it works. As far as I know, that means the cert worked? However, when I try to hit the API in Postman, I get an error that indicates it can't accept the untrusted cert, which is fine, as it has a tutorial on how to fix that. However, it still doesn't work. I can't figure out what else to do to fix this, and I'm hoping someone can advise me... Am I on the right track? Is my cert borked? Did I make a core mistake in trying a multi-domain cert?

One thing I did notice in the dev tools Security tab, it says

Subject Alternative Name missing

So I'm not sure if that means the alt names aren't working, but if they weren't, it wouldn't try to load the certificate when I hit it in Chrome, right?
I had a similar issue while writing an article for my website on SSL certificates. I wrote a shell script for the same:

```bash
#!/bin/bash

CERT_COMPANY_NAME=${CERT_COMPANY_NAME:=Tarun Lalwani}
CERT_COUNTRY=${CERT_COUNTRY:=IN}
CERT_STATE=${CERT_STATE:=Delhi}
CERT_CITY=${CERT_CITY:=Delhi}
CERT_DIR=${CERT_DIR:=certs}
ROOT_CERT=${ROOT_CERT:=rootca.pem}
ROOT_CERT_KEY=${ROOT_CERT_KEY:=rootca.key.pem}

# Make the directory to work in
mkdir -p $CERT_DIR

create_root_cert(){
  # Create your own root certificate authority
  openssl genrsa \
    -out $CERT_DIR/$ROOT_CERT_KEY \
    2048

  # Self-sign the root certificate authority
  # Since this is private, the details can be bogus
  openssl req \
    -x509 \
    -new \
    -nodes \
    -key ${CERT_DIR}/$ROOT_CERT_KEY \
    -days 1024 \
    -out ${CERT_DIR}/$ROOT_CERT \
    -subj "/C=$CERT_COUNTRY/ST=$CERT_STATE/L=$CERT_CITY/O=$CERT_COMPANY_NAME Signing Authority/CN=$CERT_COMPANY_NAME Signing Authority"
}

create_domain_cert() {
  local FQDN=$1
  local FILENAME=${FQDN/\*/wild}

  # Create a device certificate for each domain,
  # such as example.com, *.example.com, awesome.example.com
  # NOTE: the CN must match the domain name or IP address you want to use
  openssl genrsa \
    -out $CERT_DIR/${FILENAME}.key \
    2048

  # Create a request from the device, which the root CA will sign.
  # The san_env section comes from ./openssl-san.cnf (not shown on this page).
  if [[ ! -z "${SAN}" ]]; then
    openssl req -new \
      -key ${CERT_DIR}/${FILENAME}.key \
      -out ${CERT_DIR}/${FILENAME}.csr \
      -subj "/C=${CERT_COUNTRY}/ST=${CERT_STATE}/L=${CERT_CITY}/O=$CERT_COMPANY_NAME/CN=${FQDN}" \
      -reqexts san_env -config <(cat /etc/ssl/openssl.cnf <(cat ./openssl-san.cnf))
  else
    openssl req -new \
      -key ${CERT_DIR}/${FILENAME}.key \
      -out ${CERT_DIR}/${FILENAME}.csr \
      -subj "/C=${CERT_COUNTRY}/ST=${CERT_STATE}/L=${CERT_CITY}/O=$CERT_COMPANY_NAME/CN=${FQDN}"
  fi

  # Sign the request from the device with the root CA
  if [[ ! -z "${SAN}" ]]; then
    openssl x509 \
      -sha256 \
      -req -in $CERT_DIR/${FILENAME}.csr \
      -CA $CERT_DIR/$ROOT_CERT \
      -CAkey $CERT_DIR/$ROOT_CERT_KEY \
      -CAcreateserial \
      -out $CERT_DIR/${FILENAME}.crt \
      -days 500 \
      -extensions san_env \
      -extfile openssl-san.cnf
  else
    openssl x509 \
      -sha256 \
      -req -in $CERT_DIR/${FILENAME}.csr \
      -CA $CERT_DIR/$ROOT_CERT \
      -CAkey $CERT_DIR/$ROOT_CERT_KEY \
      -CAcreateserial \
      -out $CERT_DIR/${FILENAME}.crt \
      -days 500
  fi
}

METHOD=$1
ARGS=${*:2}

echo "Called with $METHOD and $ARGS"

if [ -z "${METHOD}" ]; then
  echo "Usage ./sslcerts.sh [create_root_cert|create_domain_cert] <args>"
  echo "Below are the environment variables you can use:"
  echo "CERT_COMPANY_NAME=Company Name"
  echo "CERT_COUNTRY=Country"
  echo "CERT_STATE=State"
  echo "CERT_CITY=City"
  echo "CERT_DIR=Directory where the certificate needs to be generated"
  echo "ROOT_CERT=Name of the root cert"
  echo "ROOT_CERT_KEY=Name of the root certificate key"
else
  ${METHOD} ${ARGS}
fi
```

You can change the environment variables on top and generate the self-signed certificate using the below:

```bash
$ SAN=DNS.1:*.tarunlalwani.com,DNS.2:tarunlalwani.com ./sslcerts.sh create_domain_cert '*.tarunlalwani.com'
```

Edit 1
Earlier, browsers used to rely on the FQDN, of them have started using SAN, "Subject Alternative Name". OpenSSL doesn't come with v3 extensions configured. SAN is part of the v3 extensions. When you generated the self-signed certificate, it has the correct FQDN (fully qualified domain name) but not the SAN. Chrome shows an error for these certificates, but you will see Firefox working fine.

PS: Taken from the article http://tarunlalwani.com/post/self-signed-certificates-trusting-them/
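
A check for the condition the answer describes (a certificate with the right FQDN in the CN but no SAN), added here as an example; it is not code from the question, the answer or the linked article. The function names and the throwaway certificates are assumptions made for illustration, the hostnames are the three from the question, and it needs the `openssl` CLI. It goes one step beyond the text by also showing that a `*.` SAN entry stands for exactly one label, so the bare domain needs its own entry, which is why the answer's `SAN` value lists both forms.

```shell
#!/bin/sh
# Added example: which hostnames do a certificate's SAN dNSName entries cover?

cert_dns_sans() {   # one DNS SAN per line; prints nothing when the cert has no SAN
    openssl x509 -in "$1" -noout -text |
        sed -n '/X509v3 Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

san_matches() {     # san_matches PATTERN HOST; a leading "*." stands for exactly one label
    case "$1" in
        '*.'*) [ "$2" != "${2#*.}" ] && [ "${2#*.}" = "${1#??}" ] ;;
        *)     [ "$1" = "$2" ] ;;
    esac
}

cert_covers() {     # cert_covers CERT HOST; status 0 if some DNS SAN matches HOST
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    cert_dns_sans "$1" | tr 'A-Z' 'a-z' | (
        while read -r san; do
            san_matches "$san" "$host" && exit 0
        done
        exit 1
    )
}

make_demo_cert() {  # make_demo_cert OUT CN [SAN]; builds a constructed, throwaway cert
    cnf=$(mktemp)
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ext]\nbasicConstraints=CA:FALSE\n%s\n' \
        "${3:+subjectAltName=$3}" > "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -config "$cnf" -extensions ext -keyout "$cnf.key" -out "$1" 2>/dev/null
    rm -f "$cnf" "$cnf.key"
}

demo() {            # constructed certs checked against the question's three hostnames
    d=$(mktemp -d)
    make_demo_cert "$d/cn-only.crt"  api.mydomain.local
    make_demo_cert "$d/wildcard.crt" api.mydomain.local 'DNS:*.mydomain.local'
    make_demo_cert "$d/both.crt"     api.mydomain.local 'DNS:*.mydomain.local,DNS:mydomain.local'
    for c in cn-only wildcard both; do
        for h in api.mydomain.local www.mydomain.local mydomain.local; do
            if cert_covers "$d/$c.crt" "$h"; then r=covered; else r='NOT covered'; fi
            printf '%-9s %-20s %s\n' "$c" "$h" "$r"
        done
    done
    rm -rf "$d"
}
demo
```

To check a real certificate, call `cert_covers path/to/cert.crt hostname` on the `.crt` file that Apache serves.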