I know this is an old question, but until recently I had only solved the Same Alternate Name problem for XAMPP SSL certificates for Chrome, IE, and Opera, with Firefox still not responding. I could only make Firefox accept the SSL certificate by adding a permanent exception for it, so it wasn't a true solution to the problem.
Since my last activity on this post, others outside this forum have encountered the same problem and have written their solutions to it. I recently came across this article:
https://creativelogic.biz/https-ssl-local-dev-windows/
It provided all I needed to know to be able to solve the problem completely on my system, satisfying Firefox without having to create a permanent exception for the certificate.
The solution is to create your own CA that can sign the SSLs, and to import the PEMs into both the Windows Certificate Manager and Firefox's internal Certificate Manager. That way, the certificate presented by the localhost will be accepted, as the PEM confers authenticity.
However, the author of that article mistakenly assumes that you must use bash to perform the various operations, and doesn't show how to automate it fully. Below is my solution to automating it with the use of 4 batch files. The first batch file sets environment variables; it is called by the central batch files. The second merely unsets the environment variables set in the first. These are called at the beginning and ending of the central batch files, A.BAT and B.BAT.
Those two batch files are to be run in sequence. There is a necessary break between the two so that the PEM created by the first batch file may be imported into Windows and Firefox; the routines in B.BAT require that PEM to be registered with Windows. Text printed to the screen at the end of A.BAT provides instruction on how to perform the import on Windows 8.1/10. Text printed at the end of B.BAT provides instruction on what must be changed/edited in the XAMPP set-up to use the new SSL files.
NB: I'm using OpenSSL version 1.0.2e (win32) on Windows 8.1 and Windows 10; later versions of OpenSSL may have changed the names of some of the command-line options, so it would be prudent to check them if you're using a different version of OpenSSL. I'm also using Chrome 71, Firefox 64, IE11, and Opera 56; the solution here works for those browsers on Win8.1/10.
NB: I'm creating certificates that reference localhost and 127.0.0.1 as the SAN entries. You may wish to remove (and save) your existing localhost certificates from the Windows and Firefox Certificate Manager before proceeding; backing up all files for your current configuration is, of course, a wise thing to do, in any case.
Batch file: setEnvironmentVariables.bat:
@echo off
REM This is setEnvironmentVariables.bat
REM
REM This file sets environment variables needed in the A.BAT and B.BAT routines
REM It also writes configurations to a configuration file,
REM by default named config.cnf below (change if desired)
REM
REM A.BAT and B.BAT both call this batch file.
REM
REM Default names are provided for the first 5 variables;
REM you *must* provide something to replace the {{XYZ}} variables that follow.
REM
REM Also, in the A.BAT and B.BAT files, replace "foobar" with an original passphrase
set CAFILE=myCA
set CN=localhost
set CONFIG=config.cnf
set HOSTFILE=myLocalhost
REM Notice that %EXTFILE% requires that %HOSTFILE% be defined before it is defined!
set EXTFILE=%HOSTFILE%.ext
set COUNTRY={{MyCountry}}
set STATE={{MyState}}
set LOCALITY={{MyCity}}
set ORGANIZATION={{MyOrganization}}
set ORGANIZATIONALUNIT={{MyDepartment}}
set EMAIL={{MyEmail}}
REM Write configurations to the config file:
echo [req]> %CONFIG%
echo distinguished_name = req_distinguished_name>> %CONFIG%
echo x509_extensions = v3_req>> %CONFIG%
echo prompt = no>> %CONFIG%
echo [req_distinguished_name]>> %CONFIG%
echo C = %COUNTRY%>> %CONFIG%
echo ST = %STATE%>> %CONFIG%
echo L = %LOCALITY%>> %CONFIG%
echo O = %ORGANIZATION%>> %CONFIG%
echo OU = %ORGANIZATIONALUNIT%>> %CONFIG%
echo CN = %CN%>> %CONFIG%
echo emailAddress = %EMAIL%>> %CONFIG%
echo [v3_req]>> %CONFIG%
echo basicConstraints=CA:TRUE,pathlen:0>> %CONFIG%
echo subjectKeyIdentifier = hash>> %CONFIG%
echo authorityKeyIdentifier = keyid,issuer>> %CONFIG%
echo subjectAltName = @alt_names>> %CONFIG%
echo [alt_names]>> %CONFIG%
echo DNS.1 = %CN%>> %CONFIG%
echo DNS.2 = 127.0.0.1>> %CONFIG%
unsetEnvironmentVariables.bat:
@echo off
REM This is unsetEnvironmentVariables.bat
set CAFILE=
set CN=
set CONFIG=
set HOSTFILE=
set EXTFILE=
set COUNTRY=
set STATE=
set LOCALITY=
set ORGANIZATION=
set ORGANIZATIONALUNIT=
set EMAIL=
a.bat:
@echo off
rem This is A.BAT
cls
echo.
echo setEnvironmentVariables.bat is assumed to have been edited!
call setEnvironmentVariables
echo.
echo Creating CA KEY file...
echo.
openssl genrsa -des3 -passout pass:foobar -out %CAFILE%.key 2048
echo.
echo Creating CA PEM file...
echo.
openssl req -passin pass:foobar -x509 -new -nodes -key %CAFILE%.key -sha256 -days 3650 -config %CONFIG% -out %CAFILE%.pem
echo.
echo Next, register the %CAFILE%.PEM file with Windows and Firefox, then run b.bat.
echo Press any key to continue to instructions.
echo.
pause
cls
echo.
echo In Windows:
echo.
echo * Run Winkey-^>MMC
echo * File -^> Add/Remove Snap-in... (Ctrl^+M)
echo * Under "Available snap-ins", click "Certificates"
echo * Click [Add] button; a modal dialog window will appear
echo * Select "Computer Account" radio button and click [Next] button
echo * Local Computer should be selected in next window; click [Finish] button
echo * Click [OK] back on "Add or Remove Snap-ins" modal window
echo * Expand "Certificates" under "Console Root" in left pane
echo * Expand "Trusted Root Certificates"
echo * Right-click "Certificates" in folder below
echo * Select "All Tasks" -^> Import...
echo * Click [Next] and then browse to select the PEM file created by this batch file routine
echo * In following prompts, place PEM certificate in Trusted Root Certification Authorities Store
echo.
echo Press any key to continue to instructions for adding the PEM to Firefox.
pause
echo.
cls
echo In Firefox:
echo.
echo * Go to "about:preferences" in URL
echo * Search for "certificates"
echo * Click on [View Certificates]
echo * Click on "Authorities" tab
echo * Click on "Imports"
echo * Import the PEM file, checking all boxes to trust the certificate
echo * Click [OK] and you're done
echo.
echo When finished with this, run b.bat and follow its instructions at the end.
echo.
call unsetEnvironmentVariables
b.bat:
@echo off
rem This is B.BAT
cls
echo.
echo setEnvironmentVariables.bat is assumed to have been edited!
call setEnvironmentVariables
echo.
echo Creating localhost KEY file
openssl genrsa -out %HOSTFILE%.key 2048
echo.
echo.
echo Creating localhost CSR file
openssl req -new -key %HOSTFILE%.key -out %HOSTFILE%.csr -config %CONFIG%
echo.
echo.
echo Writing EXTFILE for last routine...
echo.
echo authorityKeyIdentifier=keyid,issuer > %EXTFILE%
echo basicConstraints=CA:FALSE >> %EXTFILE%
echo keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment >> %EXTFILE%
echo subjectAltName = @alt_names >> %EXTFILE%
echo.>> %EXTFILE%
echo [alt_names] >> %EXTFILE%
echo DNS.1 = %CN% >> %EXTFILE%
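echo DNS.2 = 127.0.0.1 >> %EXTFILE%
REM Browsers match an IP literal in the URL against an iPAddress SAN entry,
REM so 127.0.0.1 is also listed as IP.1 (the DNS.2 entry is kept as posted).
echo IP.1 = 127.0.0.1 >> %EXTFILE%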
echo.
echo Writing localhost CRT file
echo.
openssl x509 -req -passin pass:foobar -in %HOSTFILE%.csr -CA %CAFILE%.pem -CAkey %CAFILE%.key -CAcreateserial -out %HOSTFILE%.crt -days 3650 -sha256 -extfile %EXTFILE%
echo.
echo.
echo Next, edit Windows HOST and HTTPD-VHOSTS.CONF and copy files to Xampp/Apache.
echo Press any key to continue to instructions.
echo.
pause
cls
echo.
echo * Edit C:\Windows\System32\drivers\etc\hosts to include the localhost name specified in the PEM
echo * Edit C:\xampp\apache\conf\extra\httpd-vhosts.conf to include the localhost name specified in the PEM
echo * Copy the .KEY file created by this routine to C:\xampp\apache\conf\ssl.key
echo * Copy the .CRT file created by this routine to C:\xampp\apache\conf\ssl.crt
echo * Restart Xampp/Apache and you're done.
call unsetEnvironmentVariables
I hope this is helpful to someone. It has ended a 2-year-long headache for me.
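Added example, not part of the original post: a check script (hypothetical name verifyCerts.bat) to run after B.BAT and before copying anything into XAMPP. It assumes the default file names myCA and myLocalhost and CN=localhost from setEnvironmentVariables.bat, and confirms that the server certificate chains to the new CA, is not itself a CA, carries the localhost SAN, matches its private key, and that the CA key file is still passphrase-protected.

```bat
@echo off
setlocal
REM verifyCerts.bat - hypothetical name; added example, not from the original post.
REM Run in the folder holding the files produced by A.BAT and B.BAT.
REM Assumes the default names from setEnvironmentVariables.bat and CN=localhost.
set CAFILE=myCA
set HOSTFILE=myLocalhost
set FAIL=0

echo [1] %HOSTFILE%.crt must chain to %CAFILE%.pem
REM Match on the ": OK" text rather than the exit code, which older
REM OpenSSL builds do not set reliably when verification fails.
openssl verify -CAfile %CAFILE%.pem %HOSTFILE%.crt | findstr /C:": OK" >nul
if errorlevel 1 (echo     FAIL & set FAIL=1) else (echo     ok)

echo [2] Server certificate must not be a CA
openssl x509 -in %HOSTFILE%.crt -noout -text | findstr /C:"CA:FALSE" >nul
if errorlevel 1 (echo     FAIL & set FAIL=1) else (echo     ok)

echo [3] Server certificate must list localhost in its SAN
openssl x509 -in %HOSTFILE%.crt -noout -text | findstr /C:"DNS:localhost" >nul
if errorlevel 1 (echo     FAIL & set FAIL=1) else (echo     ok)

echo [4] Server key must match the server certificate
REM Start with different values so a failed openssl call counts as a mismatch.
set CRTMOD=none-crt
set KEYMOD=none-key
for /f "delims=" %%A in ('openssl x509 -noout -modulus -in %HOSTFILE%.crt') do set CRTMOD=%%A
for /f "delims=" %%A in ('openssl rsa -noout -modulus -in %HOSTFILE%.key') do set KEYMOD=%%A
if not "%CRTMOD%"=="%KEYMOD%" (echo     FAIL & set FAIL=1) else (echo     ok)

echo [5] CA key file must still be encrypted
REM This key can sign a certificate for any site that this machine will trust.
findstr /C:"ENCRYPTED" %CAFILE%.key >nul
if errorlevel 1 (echo     FAIL & set FAIL=1) else (echo     ok)

echo.
if %FAIL%==0 (echo All checks passed.) else (echo One or more checks failed.)
exit /b %FAIL%
```

Only the server .KEY and .CRT need to go into the XAMPP folders; the CA .KEY is not needed there and is best stored away from the web server.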