2

I recently deployed a Dart server application that serves HTTP requests. I wanted to add support for HTTPS so I have been trying to add SSL to the Dart server application.

This answer gives a clear explanation of how to add a self-signing SSL certificate to Dart. However, I want to add an SSL certificate I bought from an SSL provider.

The SSL provider e-mailed me 4 files:

  • Root CA Certificate - AddTrustExternalCARoot.crt
  • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
  • Your PositiveSSL Certificate - my_domain.crt

I have been trying to figure out how certutil works and how to add these certificates to the certificate database, but I just can't figure it all out.

Anyone with experience enabling a CA SSL certificate in Dart?

SOLVED: Thanks to the suggestion in the comments, I solved the issue. This is the gist of my complete setup: https://gist.github.com/stevenroose/e6abde14258971eae982

Steven Roose
  • I think `certutil` is more a system admin question. Have you considered asking about it at http://unix.stackexchange.com/ or http://superuser.com/ ? – Günter Zöchbauer Nov 27 '14 at 05:00
  • I did not. But indeed, the problem is twofold. First I need to figure out how to set up `certutil` and then how to configure Dart. – Steven Roose Nov 27 '14 at 08:13
  • I didn't dive into this problem myself at all yet, but I assume that from the Dart perspective there is no difference between self-signed and certificates from a provider. The question is fine here and I would like to see a good answer to this question. I just want to make you aware that there are places where it might be more likely to find a solution. – Günter Zöchbauer Nov 27 '14 at 08:17
  • Good luck with that. I opened at least 4 issues on that, with no answer from the dart team. The SSL management in Dart is the worst in the business. – Emanuele Sabetta Nov 27 '14 at 18:18
  • Can you please add the content from the Gist as an answer instead of a link. – Günter Zöchbauer Nov 29 '14 at 00:31
  • Also please see [this answer](http://stackoverflow.com/a/27417945/3854798) to a similar question on Stack Overflow. – Cristian Almstrand Dec 18 '14 at 07:17

2 Answers

7

First of all, you probably have three files generated with openssl for your private key, server certificate and CA certificate. To convert all those into a PKCS12 file, you can use openssl:

```
openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile CAcert.crt
```

Then, you can adapt the certutil commands as shown to load your PKCS12 instead of generating new certificates:

```
certutil -N -d sql:certdb
certutil -A -n mycertnick -i server.crt -t "TCu,Cu,Tuw" -d sql:certdb
certutil -A -n myCA -i CAcert.crt -t "TCu,Cu,Tuw" -d sql:certdb
pk12util -i server.p12 -d sql:certdb
```

It seems to work with the sample code in the referenced question.

Eric Darchis
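
The answer above assumes a single CA file, while the provider in the question sent a root and two intermediates. The following added example (not part of the original answer) bundles them, checks that the private key matches the certificate and that the chain verifies, and only then builds the PKCS12 file for `pk12util`. The function names, `server.key` and the `P12_PASS` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes PEM-encoded files and
# an unencrypted private key; P12_PASS is an environment variable chosen here.

# True only if the private key and the certificate carry the same public key.
key_matches_cert() {  # KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Writes the given CA certificates into one PEM bundle, in the order given.
build_ca_bundle() {  # OUT CA_CERT...
    out=$1; shift
    : > "$out"
    for ca in "$@"; do
        openssl x509 -in "$ca" >> "$out" 2>/dev/null || return 1
    done
}

# Checks leaf -> intermediates -> root. ROOT is passed as the trust anchor;
# the intermediates are supplied only as untrusted chain-building material.
verify_chain() {  # ROOT INTERMEDIATES_PEM LEAF
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Runs both checks, then exports key + leaf + CA chain to a PKCS12 file.
make_p12() {  # KEY LEAF ROOT OUT_P12 INTERMEDIATE...
    key=$1; leaf=$2; root=$3; p12=$4; shift 4
    tmp=$(mktemp -d) || return 1
    build_ca_bundle "$tmp/inter.pem" "$@" &&
    build_ca_bundle "$tmp/chain.pem" "$@" "$root" &&
    key_matches_cert "$key" "$leaf" &&
    verify_chain "$root" "$tmp/inter.pem" "$leaf" &&
    openssl pkcs12 -export -out "$p12" -inkey "$key" -in "$leaf" \
        -certfile "$tmp/chain.pem" -passout env:P12_PASS
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# With the files from the question (server.key is an assumed name):
#   export P12_PASS='...'
#   make_p12 server.key my_domain.crt AddTrustExternalCARoot.crt server.p12 \
#       COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt
```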
0

Unfortunately the SSL management in Dart is known to be very lacking. I reported this many times, with no serious answer from the Dart team. Star this issue if you want something done about it: https://code.google.com/p/dart/issues/detail?id=20967

Emanuele Sabetta