Assume we are going to visit the website that is only known by our little circle, and we want to protect the connections so HTTPS will be used. Because this is a small circle, we don't want to send a X.509 request to a CA and wait for the certificate. We want to use a self-signed X.509 certificate. Now, the problem is how to add our self-signed X.509 certificate to WebView2 ecosystem, so that the embedded browser is able to visit the website? Thanks.
Asked
Active
Viewed 979 times
1 Answers
1
WebView2 uses the computer's certificate store, just like the Edge browser.
So you simply install your self-signed certificate in the certificate store, under 'Trusted root certificates'. Now the computer accepts the certificate and so will WebView2.
Actually I recommend you create two certificates, on root certificate, which can only be used for signing (That's the one you install in 'Root certificate store'), and then you use that certificate to sign your server certificate, which you install on the web server. Since this certificate is signed by a trusted certificate, the browser/WebView2 will accept it.
The root certificate must be installed on all computers, where you use WebView2. The server cerficate should only be installed on your server.
Poul Bak
- 10,450
- 5
- 32
- 57
-
Is it possible to install a certificate that isn't system-wide, so that only my application is aware of its existence? Thanks. – Cody Feb 16 '22 at 13:48
-
1I'm not aware of that, haven't found anything in documentation. You can use a custom client certificate, but that's totally different. – Poul Bak Feb 16 '22 at 14:08
-
1You can use a Windows Powershell script to install the certificates. Here's a link: https://stackoverflow.com/questions/19441155/how-to-create-a-self-signed-certificate-for-a-domain-name-for-development-on-win/51261506#51261506 – Poul Bak Feb 16 '22 at 14:10
-
I was hoping that there might be a function that accepts .pem file, but apparently there isn't such feature. Thanks for confirming that. – Cody Feb 16 '22 at 14:21