How to Configure HTTPS in localhost Bangla

In this video, I explained every detail about "How to configure HTTPS in localhost Bangla or How to configure TLS Certificate in localhost". So for better understanding, please check out the video, and if you have any query, feel free to ask me here in the comment section.

To configure HTTPS on localhost, we need these three configuration files:

  1. Root-ca.conf file code
  2. Sub-ca.conf file code
  3. nginx.conf file code


1. Root-ca.conf file code

[ca]
#/root/ca/root-ca/root-ca.conf
#see man ca
default_ca    = CA_default

[CA_default]
dir     = /root/ca/root-ca
certs     =  $dir/certs
crl_dir    = $dir/crl
new_certs_dir   = $dir/newcerts
database   = $dir/index
serial    = $dir/serial
RANDFILE   = $dir/private/.rand

private_key   = $dir/private/ca.key
certificate   = $dir/certs/ca.crt

crlnumber   = $dir/crlnumber
crl    =  $dir/crl/ca.crl
crl_extensions   = crl_ext
default_crl_days    = 30

default_md   = sha256

name_opt   = ca_default
cert_opt   = ca_default
default_days   = 365
preserve   = no
policy    = policy_strict

[ policy_strict ]
countryName   = supplied
stateOrProvinceName  =  supplied
organizationName  = match
organizationalUnitName  =  optional
commonName   =  supplied
emailAddress   =  optional

[ policy_loose ]
countryName   = optional
stateOrProvinceName  = optional
localityName   = optional
organizationName  = optional
organizationalUnitName   = optional
commonName   = supplied
emailAddress   = optional

[ req ]
# Options for the req tool, man req.
default_bits   = 2048
distinguished_name  = req_distinguished_name
string_mask   = utf8only
default_md   =  sha256
# Extension to add when the -x509 option is used.
x509_extensions   = v3_ca

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
stateOrProvinceName             = State or Province Name
localityName                    = Locality Name
0.organizationName              = Organization Name
organizationalUnitName          = Organizational Unit Name
commonName                      = Common Name
emailAddress                    = Email Address
countryName_default  = BD
stateOrProvinceName_default = Dhaka
0.organizationName_default = Mahmud Alam Ltd

[ v3_ca ]
# Extensions to apply when creating root ca
# Extensions for a typical CA, man x509v3_config
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid:always,issuer
basicConstraints  = critical, CA:true
keyUsage   =  critical, digitalSignature, cRLSign, keyCertSign

[ v3_intermediate_ca ]
# Extensions to apply when creating intermediate or sub-ca
# Extensions for a typical intermediate CA, same man as above
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid:always,issuer
#pathlen:0 ensures no more sub-ca can be created below an intermediate
basicConstraints  = critical, CA:true, pathlen:0
keyUsage   = critical, digitalSignature, cRLSign, keyCertSign

[ server_cert ]
# Extensions for server certificates
basicConstraints  = CA:FALSE
nsCertType   = server
nsComment   =  "OpenSSL Generated Server Certificate"
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid,issuer:always
keyUsage   =  critical, digitalSignature, keyEncipherment
extendedKeyUsage  = serverAuth


2. Sub-ca.conf file code

[ca]
#/root/ca/sub-ca/sub-ca.conf
#see man ca
default_ca    = CA_default

[CA_default]
dir     = /root/ca/sub-ca
certs     =  $dir/certs
crl_dir    = $dir/crl
new_certs_dir   = $dir/newcerts
database   = $dir/index
serial    = $dir/serial
RANDFILE   = $dir/private/.rand

private_key   = $dir/private/sub-ca.key
certificate   = $dir/certs/sub-ca.crt

crlnumber   = $dir/crlnumber
crl    =  $dir/crl/ca.crl
crl_extensions   = crl_ext
default_crl_days    = 30

default_md   = sha256

name_opt   = ca_default
cert_opt   = ca_default
default_days   = 365
preserve   = no
policy    = policy_loose

[ policy_strict ]
countryName   = supplied
stateOrProvinceName  =  supplied
organizationName  = match
organizationalUnitName  =  optional
commonName   =  supplied
emailAddress   =  optional

[ policy_loose ]
countryName   = optional
stateOrProvinceName  = optional
localityName   = optional
organizationName  = optional
organizationalUnitName   = optional
commonName   = supplied
emailAddress   = optional

[ req ]
# Options for the req tool, man req.
default_bits   = 2048
distinguished_name  = req_distinguished_name
string_mask   = utf8only
default_md   =  sha256
# Extension to add when the -x509 option is used.
x509_extensions   = v3_ca

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
stateOrProvinceName             = State or Province Name
localityName                    = Locality Name
0.organizationName              = Organization Name
organizationalUnitName          = Organizational Unit Name
commonName                      = Common Name
emailAddress                    = Email Address
countryName_default  = BD
stateOrProvinceName_default = Dhaka
0.organizationName_default = Mahmud Alam Ltd

[ v3_ca ]
# Extensions to apply when creating root ca
# Extensions for a typical CA, man x509v3_config
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid:always,issuer
basicConstraints  = critical, CA:true
keyUsage   =  critical, digitalSignature, cRLSign, keyCertSign

[ v3_intermediate_ca ]
# Extensions to apply when creating intermediate or sub-ca
# Extensions for a typical intermediate CA, same man as above
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid:always,issuer
#pathlen:0 ensures no more sub-ca can be created below an intermediate
basicConstraints  = critical, CA:true, pathlen:0
keyUsage   = critical, digitalSignature, cRLSign, keyCertSign

[ server_cert ]
# Extensions for server certificates
basicConstraints  = CA:FALSE
nsCertType   = server
nsComment   =  "OpenSSL Generated Server Certificate"
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid,issuer:always
keyUsage   =  critical, digitalSignature, keyEncipherment
extendedKeyUsage  = serverAuth


3. nginx.conf file code

# HTTPS server
#
server {
	listen		443 ssl;
	server_name	www.mahmud-localhost.com;
	
	ssl_certificate		/root/ca/server/certs/chained.crt;
	ssl_certificate_key	/root/ca/server/private/server.key;
	
	ssl_protocols		TLSv1.2;
	
	ssl_session_cache	shared:SSL:1m;
	ssl_session_timeout	5m;
	
	ssl_ciphers	HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers	on;
	
	location / {
		root	/srv/www/htdocs/;
		index	index.html index.htm;
	}
}

include vhosts.d/*.conf;
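
The following is an added example, not code from the original post: a small linter for CA config files of the kind shown above. It flags options that point at a section the file never defines (in the files above, `crl_extensions = crl_ext` has no matching `[ crl_ext ]` section, which matters once a CRL is generated) and a server-certificate section without `subjectAltName`, which current browsers require in order to match a host name such as the `server_name` in nginx.conf. The function names `parse_conf` and `lint` and the `leaf_section` parameter are this example's own.

```python
import re

# Keys whose value names another section of the same file (man ca, man req).
SECTION_REFS = {"default_ca", "policy", "x509_extensions",
                "crl_extensions", "distinguished_name", "req_extensions"}

def parse_conf(text):
    """Parse OpenSSL config text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive comment strip, fine for CA files
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return sections

def lint(text, leaf_section="server_cert"):
    """Return sorted findings: dangling section references and leaf-cert gaps."""
    conf, findings = parse_conf(text), []
    for name, body in conf.items():
        for key, value in body.items():
            if key in SECTION_REFS and value not in conf:
                findings.append(f"[{name}] {key} -> missing section [{value}]")
    leaf = conf.get(leaf_section, {})
    if "subjectAltName" not in leaf:
        findings.append(f"[{leaf_section}] has no subjectAltName")
    if "CA:FALSE" not in leaf.get("basicConstraints", "").upper():
        findings.append(f"[{leaf_section}] is not constrained to CA:FALSE")
    return sorted(findings)

# Abbreviated excerpt modelled on sub-ca.conf above (constructed sample input).
SAMPLE = """\
[CA_default]
crl_extensions = crl_ext
policy = policy_loose
[ policy_loose ]
commonName = supplied
[ req ]
x509_extensions = v3_ca
[ v3_ca ]
basicConstraints = critical, CA:true
[ server_cert ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Both findings clear once the file gains a `[ crl_ext ]` section and the server-certificate section carries a `subjectAltName` entry for the host name being served.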

Thank you for reading my blog. If you have any query about this code, feel free to ask by comment. Thank you again.

This Post Has 4 Comments

  1. Robert Miranda

    Ahaa, it's nice conversation about this piece of writing at this place at this weblog, I have read all that, so now me also commenting here.

    1. Mahmud Alam

      I’m thrilled to hear that you’ve enjoyed the conversation about the piece of writing on this weblog! Thank you for taking the time to read through it all and for joining in with your comment. Your engagement is greatly appreciated. If you have any further thoughts or questions, feel free to share them. 😊

  2. Samuel Supper

    Hey would you mind stating which blog platform you’re using? I’m going to start my own blog in the near future but I’m having a difficult time choosing between BlogEngine/Wordpress/B2evolution and Drupal.

    The reason I ask is because your design and style seems different than most blogs and I’m looking for something completely unique.

    P.S. My apologies for getting off-topic but I had to ask!

    1. Mahmud Alam

      Thank you for your interest in my blog platform! I’m glad you find the design and style unique. I actually custom-built my blog using a combination of HTML, CSS, and JavaScript, along with a backend powered by Node.js. This allowed me to create a completely unique design tailored to my preferences.

      While platforms like BlogEngine, WordPress, B2evolution, and Drupal offer great features and customization options, I opted for a custom solution to achieve the specific look and functionality I wanted. If you’re comfortable with some coding and want full control over your blog’s design and features, I’d encourage you to explore custom development options.

      However, if you prefer a more user-friendly and out-of-the-box solution, platforms like WordPress can still offer a wide range of themes and plugins to help you achieve a unique look for your blog.

      Feel free to reach out if you have any more questions or need further advice on starting your own blog!
