Securing your local environment for Development

One of the most common tasks that developers face is to mimic production environments locally. When it comes to running your local app securely, most developers either just run regular “http” or create a self-signed certificate.

In this tutorial, I’m going to show you how to secure your local environment for development so you can run your application via HTTPS with no security warnings. We will use the tool makecert.exe to create a root X.509 certificate and then use that to sign our SSL certificates. You can download this tool here.

What you’ll need.

  • makecert.exe – The makecert tool is used to create a root X.509 certificate.
  • pvk2pfx.exe – Pvk2Pfx copies the public and private key information contained in .spc, .cer and .pvk files into the personal information exchange file (.pfx).

Setting up your environment

We’ll begin by setting up our local environment. Create an ASP.NET web application. Then modify your hosts file, found in c:\Windows\System32\drivers\etc\, so that dev.local maps to localhost (127.0.0.1):

127.0.0.1       dev.local

Create your Root Certificate

First, use the makecert tool to create a root certificate. There are numerous parameters you can use when generating this certificate, but the most important ones are outlined in the code below. This certificate is important for a number of reasons. Above all, it has a private key, which we will use to create our SSL certificate.

rem Create the self-signed root certificate.
rem   -r      self-signed
rem   -n      subject name
rem   -pe     mark the private key as exportable
rem   -sv     name of the private key file
rem   -a      hashing algorithm
rem   -len    key length
rem   -b, -e  valid from, valid to
rem   -cy     certificate type
rem   The last argument is the name of the certificate file.
makecert.exe -r ^
             -n "CN=DevelopmentRoot" ^
             -pe ^
             -sv DevelopmentRoot.pvk ^
             -a sha1 ^
             -len 2048 ^
             -b 01/21/2010 ^
             -e 01/21/2030 ^
             -cy authority ^
             DevelopmentRoot.cer

rem pvk2pfx copies the public and private key information in the .cer and .pvk files to a personal information exchange (.pfx) file.
rem   -pvk    name of the .pvk file
rem   -spc    name and extension of the Software Publisher Certificate (SPC) file that contains the certificate
rem   -pfx    name of the .pfx file
pvk2pfx.exe -pvk DevelopmentRoot.pvk ^
            -spc DevelopmentRoot.cer ^
            -pfx DevelopmentRoot.pfx

Use the Root Certificate to Sign the SSL Certificate

rem Create the SSL certificate for dev.local, signed by the root certificate.
rem   -iv     file name of the root private key
rem   -ic     file name of the root certificate
rem   -n      subject name
rem   -pe     mark the private key as exportable
rem   -sv     name of the private key file
rem   -a      hashing algorithm
rem   -len    key length
rem   -b, -e  valid from, valid to
rem   -sky    subject key type
rem   -eku    extended key usage (1.3.6.1.5.5.7.3.1 is server authentication)
rem   The last argument is the name of the certificate file, so it must follow all options.
makecert.exe -iv DevelopmentRoot.pvk ^
             -ic DevelopmentRoot.cer ^
             -n "CN=dev.local" ^
             -pe ^
             -sv dev.local.pvk ^
             -a sha1 ^
             -len 2048 ^
             -b 01/21/2010 ^
             -e 01/21/2020 ^
             -sky exchange ^
             -eku 1.3.6.1.5.5.7.3.1 ^
             dev.local.cer

rem pvk2pfx copies the public and private key information in the .cer and .pvk files to a personal information exchange (.pfx) file.
pvk2pfx.exe -pvk dev.local.pvk ^
            -spc dev.local.cer ^
            -pfx dev.local.pfx
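
Before installing anything, it is worth checking that the SSL certificate really chains to the root and carries the properties a browser will look at. The following PowerShell function is an added example, not part of the original tutorial; the name Test-DevCertificate is hypothetical, and the file names are the ones created above.

```powershell
# Added example: returns a list of findings for a certificate that should be signed by the given root.
function Test-DevCertificate {
    param(
        [Parameter(Mandatory)] [string] $RootPath,   # e.g. .\DevelopmentRoot.cer
        [Parameter(Mandatory)] [string] $LeafPath,   # e.g. .\dev.local.cer
        [Parameter(Mandatory)] [string] $HostName    # e.g. dev.local
    )
    $type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $root = New-Object $type -ArgumentList (Resolve-Path $RootPath).Path
    $leaf = New-Object $type -ArgumentList (Resolve-Path $LeafPath).Path
    $findings = New-Object System.Collections.Generic.List[string]

    # Build the chain against the supplied root only, so the result does not
    # depend on what is already installed in the machine's trust stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'    # a local dev root has no revocation endpoint
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    if (-not $chain.Build($leaf)) {
        $chain.ChainStatus | Where-Object { $_.Status -ne 'UntrustedRoot' } |
            ForEach-Object { $findings.Add("chain: $($_.Status)") }
    }
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($top.Thumbprint -ne $root.Thumbprint) {
        $findings.Add("chain does not end at $($root.Subject)")
    }
    $now = Get-Date
    if ($now -lt $leaf.NotBefore -or $now -gt $leaf.NotAfter) {
        $findings.Add("outside validity period: $($leaf.NotBefore) to $($leaf.NotAfter)")
    }
    # "-a sha1" yields a SHA-1 signature (friendly name sha1RSA on Windows).
    if ($leaf.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
        $findings.Add("weak signature algorithm: $($leaf.SignatureAlgorithm.FriendlyName)")
    }
    # 2.5.29.37 = extended key usage; 1.3.6.1.5.5.7.3.1 = server authentication.
    $eku = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    if (-not $eku -or ($eku.EnhancedKeyUsages | ForEach-Object Value) -notcontains '1.3.6.1.5.5.7.3.1') {
        $findings.Add('server authentication EKU (1.3.6.1.5.5.7.3.1) is missing')
    }
    if ($leaf.GetNameInfo('SimpleName', $false) -ne $HostName) {
        $findings.Add("subject CN is not $HostName")
    }
    # 2.5.29.17 = subjectAltName; browsers such as Chrome match host names against it, not the CN.
    if (-not ($leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' })) {
        $findings.Add('no subjectAltName extension')
    }
    $findings
}

Test-DevCertificate -RootPath .\DevelopmentRoot.cer -LeafPath .\dev.local.cer -HostName dev.local
```

An empty result means none of the checks fired; each finding names the property to correct before the certificate is bound to a site.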

Install Certificates onto computer

Run the following command at the command prompt

In the dialog box that appears, choose to add a snap-in and follow the prompts to select Certificates.

Right-click Certificates under Trusted Root Certification Authorities and select Import under All Tasks.

Navigate to where your certificates were created and choose the DevelopmentRoot.cer file. Walk through the other steps and click Finish.

Now it’s time to install the dev.local certificate on your machine.

Go back to the management console and select Personal -> Certificates. Right-click Certificates and select Import under All Tasks.

Next, follow the wizard and select the dev.local.pfx certificate.

At this point, we’re ready to associate the certificate with the site in IIS.