Sometimes when you work on PoC for web-based projects using HTTPS, you may want to have a SSL certificate for testing. You may simply create a self-signed certificate from IIS, however, when you visit the web site installed with self-signed certificate, you'll see a warning page you must be quite familiar with
There's a certificate authority called Let’s Encrypt, who's offering free SSL certificate valid for 3 months. That means you'll need to renew the certificate every 3 months, but that's quite enough for PoC. You can use Let's Encrypt client to obtain your cert via some command lines. I'm not a fan of command line, but fortunately I found a website at https://www.sslforfree.com/ built upon Let's Encrypt. Following some simple (but a bit tricky for Windows users) steps, you can get your free cert.
- Go to the website, input the domain you would like to create the cert for and click Create Free SSL Certificate
- Choose the way of verifying you are the owner of the domain. I haven't tried Automatic FTP Verification so I'll simply walk through Manual Verification and click Manually Verify Domain
- Assuming you are a Windows user, set up a IIS web site. The web site has to be publicly exposed on the internet and whitelist 66.133.109.36 (at the time of writing this post, it is this IP address) as mentioned in the page and bind the domain to the web site
- Click Download File #1, you will get a text file for further uploading. The file name and content will be different every time you request for the cert
- Create a folder in the root of the website named .well-known. Notice that you may get a warning message to stop you.
- Create a folder named acme-challenge under .well-known and copy the downloaded file to acme-challenge
- Click the link (for instance, http://test.petekcchen.com/.well-known/acme-challenge/mRIcor-5_-TPKeZJALHjCP4RdZMuchs-3u4XmfHT840) provided on the page, you may see 404 since the downloaded file does not have extension and it will be ignored by IIS. So go to your IIS website, add a MIME type as below
- Click Download SSL Certificate and the site service will communicate with Let's Encrypt to get the cert for you
- Click Download All SSL Certificate Files and you'll get a zip file named sslforfree.zip containing ca_bundle.crt, certificate.crt and private.key
1 comment:
This is very informative. Thanks for the very good work done
Post a Comment