9

I understand to use https with Vue CLI I can set "https: true" under devServer in a vue.config.js file, but I also need a self signed certificate.

I've tried generating a self signed one using OpenSSL and using the following in my vue.config.js file to target:

const fs = require('fs');

module.exports = {
    devServer: {
        port: '8081',
        https: {
            key: fs.readFileSync('./certs/server.key'),
            cert: fs.readFileSync('./certs/server.cert'),
        },
    },
};

Chrome confirms it's using my certificate but still shows https as "Not secure"

enter image description here

How can I make chrome assess my self signed certificate as secure when providing it via Vue CLI?

blarg
  • 3,773
  • 11
  • 42
  • 71
  • Are you trying to use a cert with the subject name of 'localhost'? Cuz...........that'll have to be self signed. If you want to use a public cert to protect your site, you need to get a cert for "vue-gui.mydomain.com" (or whatever the URL is), a wildcard cert would also work... but in no way would a public cert provider give you a cert for 'localhost'.. – Matt Oestreich Apr 23 '19 at 14:22
  • For what URL are you trying to generate a cert for? Do you have a local cert authority? [Please see this link for more info](https://letsencrypt.org/docs/certificates-for-localhost/) - typically generating a cert for 'localhost' is not a good thing.. – Matt Oestreich Apr 23 '19 at 14:45
  • 2
    [mkcert](https://github.com/FiloSottile/mkcert) makes it this trivial. It will generate a root CA and install the cert into the trusted stores for Chrome and Firefox. – Brian Lee Apr 23 '19 at 15:43
  • @DigitalDrifter I installed mkcert and it's working! – blarg Apr 23 '19 at 15:55
  • if on Chrome see this answer: https://stackoverflow.com/a/31900210/3660269 – Godsayah Oct 01 '19 at 20:27

6 Answers6

8

Simply enter this in your Chrome

chrome://flags/#allow-insecure-localhost

Set to Enabled, restart Chrome, and you're good to go.

ssten
  • 1,848
  • 1
  • 16
  • 28
6

My problem was that everybody talks about putting the cert properties in the "https" child configuration node, but this doesn't work, you hve to put it in the devServer config node:

module.exports = {
devServer: {
    port: '8081',
    https: {
       key: fs.readFileSync('./certs/server.key'),
          --> this is WRONG

This is the correct way:

module.exports = {
  devServer: {
    disableHostCheck: true,
    port:8080,
    host: 'xxxxxx',
    https: true,
    //key: fs.readFileSync('./certs/xxxxxx.pem'),
    //cert: fs.readFileSync('./certs/xxxxxx.pem'),
    pfx: fs.readFileSync('./certs/xxxxxx.pfx'),
    pfxPassphrase: "xxxxxx",
    public: 'https://xxxxxx:9000/',
    https: true,
    hotOnly: false,
   }
}
Emmanuel
  • 7,574
  • 3
  • 24
  • 22
4

Use the network path rather than loopback or localhost. For example

https://192.168.2.210:8080/

works fine, while

https://localhost:8080/ and https://127.0.0.1:8080 balk at the certificate problem.

Andy
  • 41
  • 3
  • This simply works, thanks I also needed to change my Java API address (.env.dev) to 127.0.0.1:8081 to stop the HTTP 307 redirection to HTTPS – Alexandre Dec 02 '21 at 19:27
1

You are doing right, but you also have to add the self-signed cert inside certification authorities of your browser, as it is self-signed.

Instead of using a self-signed certificate, you can also create a root certificate, and then generate a localhost or other server identifier certificate. I recommend this solution because this way you can generate certificates for all non production environments and import only one custom certification authority.

There are many sites where you can find how to do it, one of them I think it's very clear is How to create an HTTPS certificate for localhost domains. Basically you have to follow these steps described in that link:

  1. Generate certification authority key:

    openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA"

Here we have to change the parameters as we wish, mainly -sub parameter.

  1. Generate certificate for certification authority

    openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

  2. Generate key for localhost

    openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost.local"

Where you have to change -subj as you need or leave it that way.

  1. Generate localhost certificate by creating a certificate config file and request openssl to generate it.

This is the certificate config file:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = fake1.local
DNS.3 = fake2.local

And this is the command to generate the certificate:

openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt

Once you have the certificate, you have to import the certification authority on your preferred browser. You can, also, follow 3 and 4 steps for every server or virtual machine you need for development and use them without needing to import new certification authorities in your browser.

Rodrigo
  • 91
  • 1
  • 5
1

If you have legit certificates Chad Carter gives a good explanation here: https://stackoverflow.com/a/57226788/2363056

The steps are as follows:

  1. create vue.config.js in your projects root (if not there already)
  2. add the following code to it:
const fs = require('fs')

module.exports = {
    devServer: {
    port:8080,
    host: 'example.com',
    https: true,
    key: fs.readFileSync('/etc/ssl/keys/example.com.pem'),
    cert: fs.readFileSync('/etc/ssl/keys/example.com/cert.pem'),
    https: true,
    hotOnly: false,
    }
}
  1. when serving your project, ensure https is enabled (ie. $ vue-cli-service serve --https true)
HyperActive
  • 1,129
  • 12
  • 12
0

I use the mkcert to create trusted https cert on windows OS. mkcert. the local config

the bat cmd content

Last thing you should do is openning your OS explorer, click the install.bat file

kevin Sue
  • 41
  • 3