Root certificate for LAN?


  • | 750 points

    Hey all!
    I'm working on PWA development and the HTTPS requirement of them has been an issue throughout development this far, because I need to test on my phone over my WiFi. Usually localhost and equivalents are allowed for testing, but the thing is that once its left my device, that's not the case. So, as a result, the service worker will be deleted once the temporary cache is thrown away by the browser.
    Sorry if that was a little long winded, TLDR:I need HTTPS to test my webapp on my phone over LAN, but cant due to PWA standards.

    Anyways, the main issue is that the default Laragon certificate is only set up using 127.0.0.0 and localhost, ect, not your computers IP on your network. Although that's perfectly reasonable, because 1, I'm an edge-case, and 2, theres no way to really modify the auto.openssl.cnf file to incorporate that during install or whatever.

    So that leads to my question I suppose. To get my PWA to properly install on my phone for testing I need to make a Root Certificate, and said root certificate needs to have 192.168.1.175 as the domain I guess. I tried doing this myself, with varying levels of success. I set up a CA on my computer following this guide, and set up a conf file with the following for DNS:

    [alt_names]
    DNS.1 = localhost
    DNS.2 = 192.168.1.175
    

    Doing this made a key and all, but when I tried to manually replace the config in Laragons files, (in etc/apache-2/sites-enabled/00-default.conf replacing the key file with mine), but couldn't get Laragon to accept it, and it just kept throwing errors, even after I put the SSL keys back to the defaults, so I just uninstalled/reinstalled.

    If anyone knows how to do (or how to properly do) this, I'd appreciate any help!

    PS I love Laragon, its probably the best web server I've ever worked with. Massive thanks to the developers for making it happen!


  • administrators
    | 123015 points

    @K4rakara : Please don't change the auto.openssl.cnf because it is auto-generated. Just update this template file:
    C:/laragon/bin/laragon/tpl/openssl.conf.tpl

    Laragon will take care of the rest.


  • | 750 points

    @leokhoa Hey, thanks, didn't realize that I shouldn't modify that file. Modifying that worked, but only for https://localhost. Heres the rather odd error screen i get at https://192.168.1.175 :
    0_1571501679885_upload-115d53d2-e234-4519-a87f-af85663e3482
    In the list it says 192.168.175 is valid, but it won't work. I tried adding *.192.168.1.175, but got the same result.
    Now if I only needed HTTPS for localhost this would be fine, but the service worker will delete itself on my mobile device unless the certificate is valid.
    Same issue occurred on my mobile when i tried to open the page with the root certificate installed.
    Here's the setup I used:

    [req]
    default_bits = 2048
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no
    
    [req_distinguished_name]
    C  = US
    ST = New York
    L  = Albany
    O  = AcidByte Digital
    OU = R&D
    CN = AcidByte Digital
    
    [v3_req]
    keyUsage = keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = localhost
    DNS.2 = 192.168.1.175
    DNS.3 = *.192.168.1.175
    

    Not sure what i did wrong?


Log in to reply
 

Looks like your connection to Laragon was lost, please wait while we try to reconnect.