davewasmer / devcert Goto Github PK

Just came across this via preact-cli -- what a wonderful experience! Awesome lib 🎉

Was getting a failure on the openssl req -config command because the common name was too long.

This should truncate the common name at 64 characters if it exceeds it.

↳ openssl req -config /Users/todd/.config/devcert/openssl.conf -subj "/CN=-Users-todd-src-showrunner-node_modules-@scriptollc-code-mirror-ot-standalone.js" -key /Users/todd/.config/devcert/-Users-todd-src-showrunner-node_modules-@scriptollc-code-mirror-ot-standalone.js.key -out /Users/todd/.config/devcert/-Users-todd-src-showrunner-node_modules-@scriptollc-code-mirror-ot-standalone.js.csr -new
problems making Certificate Request
4550:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/asn1/a_mbstr.c:154:maxsize=64

Error: Command failed: openssl ca -config "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949kpPFsM66Rz9G.tmp" -in "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate-signing-request.csr" -out "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate.crt" -keyfile "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-179494IctCHu1hUbE.tmp" -cert "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949Inm9Be39jIHK.tmp" -days 7000 -batch
Using configuration from /var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949kpPFsM66Rz9G.tmp
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'parser22.localhost'
Certificate is to be certified until Mar 12 03:49:26 2038 GMT (7000 days)
failed to update database
TXT_DB error number 2

Details:

prams log Certificate requested for parser22.localhost. Skipping certutil install: false. Skipping hosts file: false
prams log Can't find certificate file for parser22.localhost, so it must be the first request for parser22.localhost. Generating and caching ...
ca -config "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949kpPFsM66Rz9G.tmp" -in "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate-signing-request.csr" -out "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate.crt" -keyfile "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-179494IctCHu1hUbE.tmp" -cert "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949Inm9Be39jIHK.tmp" -days 7000 -batch
Error open ssl ca { Error: Command failed: openssl ca -config "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949kpPFsM66Rz9G.tmp" -in "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate-signing-request.csr" -out "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate.crt" -keyfile "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-179494IctCHu1hUbE.tmp" -cert "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949Inm9Be39jIHK.tmp" -days 7000 -batch
Using configuration from /var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949kpPFsM66Rz9G.tmp
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'parser22.localhost'
Certificate is to be certified until Mar 12 03:49:26 2038 GMT (7000 days)
failed to update database
TXT_DB error number 2

at checkExecSyncError (child_process.js:613:13)
at Object.execSync (child_process.js:653:13)
at Object.childProcess.(anonymous function) [as execSync] (ELECTRON_ASAR.js:689:22)
at run (/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/devcert/dist/utils.js:22:28)
at Object.openssl (/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/devcert/dist/utils.js:12:12)
at constants_1.withDomainCertificateConfig (/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/devcert/dist/certificates.js:37:33)
at Object.withDomainCertificateConfig (/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/devcert/dist/constants.js:45:5)
at certificate_authority_1.withCertificateAuthorityCredentials (/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/devcert/dist/certificates.js:34:29)
at Object.<anonymous> (/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/devcert/dist/certificate-authority.js:89:15)
at Generator.next (<anonymous>)
at fulfilled (/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/devcert/node_modules/tslib/tslib.js:104:62)
at <anonymous>
at process._tickCallback (internal/process/next_tick.js:188:7)

error: null,
cmd: 'openssl ca -config "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949kpPFsM66Rz9G.tmp" -in "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate-signing-request.csr" -out "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate.crt" -keyfile "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-179494IctCHu1hUbE.tmp" -cert "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949Inm9Be39jIHK.tmp" -days 7000 -batch',
file: '/bin/sh',
args:
[ '/bin/sh',
'-c',
'openssl ca -config "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949kpPFsM66Rz9G.tmp" -in "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate-signing-request.csr" -out "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate.crt" -keyfile "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-179494IctCHu1hUbE.tmp" -cert "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949Inm9Be39jIHK.tmp" -days 7000 -batch' ],
options:
{ stdio: [ [Object], [Object], [Object] ],
env:
{ RANDFILE: '/Users/sarbadajaiswal/Library/Application Support/devcert/.rnd',
npm_package_devDependencies_lint_staged: '^7.2.0',
npm_package_devDependencies_react_dom: '^16.0.0',
REACT_APP_NAVI_APP_DOWNLOAD_LINK_LINUX: 'https://s3.amazonaws.com/locallockbox/Navi.deb',
npm_package_build_directories_buildResources: 'resources',
npm_package_build_productName: 'NAVI',
npm_package_devDependencies_babel_plugin_transform_class_properties: '^6.24.1',
npm_package_devDependencies_electron_builder: '^20.26.1',
npm_package_dependencies_node_env_file: '^0.1.8',
rvm_use_flag: '',
npm_package_devDependencies_url_loader: '^1.0.1',
TERM_PROGRAM: 'iTerm.app',
rvm_bin_path: '/Users/sarbadajaiswal/.rvm/bin',
npm_package_devDependencies_env_cmd: '^8.0.2',
npm_package_devDependencies_file_loader: '^1.1.5',
NODE: '/usr/local/bin/node',
npm_config_version_git_tag: 'true',
npm_package_homepage: 'https://app.navihq.com/',
npm_package_scripts_prod: 'cp .env.production ./app/.env && webpack --config webpack.build.config.js && electron --noDevServer .',
GEM_HOME: '/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1',
rvm_quiet_flag: '',
INIT_CWD: '/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron',
REACT_APP_API_URL: 'http://localhost:3020',
SHELL: '/bin/zsh',
TERM: 'xterm-256color',
rvm_gemstone_url: '',
npm_package_devDependencies_electron_packager: '^9.1.0',
npm_package_devDependencies_style_loader: '^0.19.0',
REACT_APP_NAVI_APP_DOWNLOAD_LINK_MACOS: 'https://s3.amazonaws.com/locallockbox/Navi.dmg',
npm_package_build_files_2: 'node_modules//*',
TMPDIR: '/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/',
IRBRC: '/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1/.irbrc',
rvm_docs_type: '',
npm_config_init_license: 'MIT',
npm_package_build_files_3: 'package.json',
npm_package_devDependencies_babili_webpack_plugin: '^0.1.2',
npm_package_devDependencies_electron_positioner: '^3.0.1',
npm_package_dependencies_kill_port: '^1.3.1',
Apple_PubSub_Socket_Render: '/private/tmp/com.apple.launchd.AxqC0igzsW/Render',
npm_package_build_files_0: 'app//',
npm_package_devDependencies_babel_core: '^6.24.1',
TERM_PROGRAM_VERSION: '3.2.5',
npm_package_build_files_1: 'dist/**/',
npm_package_scripts_dev: 'env-cmd .env.development webpack-dev-server --hot --host 0.0.0.0 --config=./webpack.dev.config.js',
npm_package_devDependencies_sass_loader: '^7.0.3',
TERM_SESSION_ID: 'w0t0p8:689EB754-A489-4D8B-B47E-E142D349FC37',
MY_RUBY_HOME: '/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1',
rvm_hook: '',
npm_config_registry: 'https://registry.yarnpkg.com',
npm_package_build_files_4: 'main.js',
npm_package_build_files_5: 'credentials.json',
npm_package_devDependencies_extract_text_webpack_plugin: '^3.0.1',
ZSH: '/Users/sarbadajaiswal/.oh-my-zsh',
npm_package_readmeFilename: 'README.md',
NAVI_ENV: 'local',
npm_config_python: '/usr/bin/python',
npm_package_description: 'Official NAVI Lockbox',
npm_package_build_directories_output: 'releases',
npm_package_devDependencies_react: '^16.0.0',
npm_package_devDependencies_webpack: '^3.6.0',
USER: 'sarbadajaiswal',
npm_package_license: 'MIT',
npm_package_build_win_certificateFile: 'cert/NAVI.pfx',
npm_package_dependencies_websocket: '^1.0.26',
rvm_gemstone_package_file: '',
npm_package_devDependencies_eslint_loader: '^2.0.0',
COMMAND_MODE: 'unix2003',
system_type: 'Darwin',
npm_package_lint_staged_ignore_1: 'webpack.build.config.js',
npm_package_lint_staged_ignore_0: 'webpack.dev.config.js',
npm_package_devDependencies_webpack_dev_server: '^2.4.5',
npm_package_dependencies_node_yaml: '^3.1.1',
rvm_path: '/Users/sarbadajaiswal/.rvm',
npm_package_devDependencies_babel_loader: '^7.1.2',
SSH_AUTH_SOCK: '/private/tmp/com.apple.launchd.Vd3Vt5lRTU/Listeners',
REACT_APP_PARSER_URL: 'http://localhost:9090',
npm_package_scripts_stag_mac: 'cp .env.staging ./app/.env && webpack --config webpack.stag.config.js && build -m --dir',
npm_package_devDependencies_eslint: '^5.1.0',
__CF_USER_TEXT_ENCODING: '0x1F5:0x0:0x0',
REACT_APP_WEB_URL: 'http://localhost:3000',
npm_package_dependencies_devcert: '',
npm_execpath: '/usr/local/Cellar/yarn/1.12.3/libexec/bin/yarn.js',
rvm_proxy: '',
PAGER: 'less',
rvm_ruby_file: '',
npm_package_author_name: 'NAVIHQ',
npm_package_devDependencies_babel_plugin_import: '^1.8.0',
npm_package_devDependencies_babel_preset_react: '^6.24.1',
LSCOLORS: 'Gxfxcxdxbxegedabagacad',
REACT_APP_GO_SOCKET_PORT: '8888',
npm_package_dependencies_prop_types: '^15.6.2',
rvm_prefix: '/Users/sarbadajaiswal',
rvm_silent_flag: '',
npm_package_build_dmg_title: '${productName} ${version}',
npm_config_argv: '{"remain":[],"cooked":["run","dev"],"original":["dev"]}',
PATH: '/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/yarn--1547178554060-0.7591251666671179:/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/node_modules/.bin:/Users/sarbadajaiswal/.config/yarn/link/node_modules/.bin:/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/node_modules/.bin:/Users/sarbadajaiswal/.config/yarn/link/node_modules/.bin:/usr/local/libexec/lib/node_modules/npm/bin/node-gyp-bin:/usr/local/lib/node_modules/npm/bin/node-gyp-bin:/usr/local/bin/node_modules/npm/bin/node-gyp-bin:/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1/bin:/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1@global/bin:/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1/bin:/usr/local/opt/nss/bin:/usr/local/opt/node@8/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin:/Users/sarbadajaiswal/.rvm/bin',
rvm_ruby_make: '',
npm_package_devDependencies_babel_preset_es2016: '^6.24.1',
NAVI_PATH: '/Users/sarbadajaiswal/.navi',
_: '/usr/local/bin/node',
npm_package_build_appId: 'app.navihq.com',
REACT_APP_NAVI_APP_DOWNLOAD_LINK_WIN: 'https://s3.amazonaws.com/locallockbox/Navi.exe',
npm_package_scripts_prod_mac: 'cp .env.production ./app/.env && webpack --config webpack.build.config.js && build -m --dir',
PWD: '/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron',
npm_lifecycle_event: 'dev',
npm_package_name: 'navi',
npm_package_build_win_publisherName: 'NAVI',
LANG: 'en_US.UTF-8',
rvm_sdk: '',
ITERM_PROFILE: 'Default',
npm_config_version_commit_hooks: 'true',
npm_package_scripts_build: 'webpack --config webpack.build.config.js',
npm_package_dependencies_react_router_dom: '^4.3.1',
XPC_FLAGS: '0x0',
_system_arch: 'x86_64',
NODE_ENV: 'development',
npm_config_bin_links: 'true',
npm_package_scripts_stag_pack: 'cp .env.staging ./app/.env && webpack --config webpack.stag.config.js && build',
npm_package_scripts_make_cert: 'electron-builder create-self-signed-cert -p NAVI',
_system_version: '10.14',
npm_package_main: 'main.js',
npm_package_build_win_verifyUpdateCodeSignature: 'false',
npm_package_dependencies_portscanner: '^2.2.0',
npm_package_version: '0.0.6',
npm_package_scripts_prod_pack: 'cp .env.production ./app/.env && webpack --config webpack.build.config.js && build',
XPC_SERVICE_NAME: '0',
npm_package_lint_staged_linters___js_0: 'eslint --fix',
npm_package_dependencies_wait_port: '^0.2.2',
rvm_version: '1.29.3 (latest)',
REACT_APP_PARSER_PORT: '9090',
npm_package_lint_staged_linters___js_1: 'git add',
COLORFGBG: '0;15',
HOME: '/Users/sarbadajaiswal',
SHLVL: '6',
rvm_pretty_print_flag: '',
rvm_script_name: '',
rvm_ruby_mode: '',
npm_config_strict_ssl: 'true',
npm_config_save_prefix: '^',
npm_package_build_linux_category: 'Utility',
npm_config_version_git_message: 'v%s',
npm_package_devDependencies_babel_eslint: '^8.2.5',
npm_package_devDependencies_husky: '^0.14.3',
NPM_CONFIG_PYTHON: '/usr/bin/python',
ITERM_SESSION_ID: 'w0t0p8:689EB754-A489-4D8B-B47E-E142D349FC37',
npm_package_scripts_stag: 'cp .env.staging ./app/.env && webpack --config webpack.stag.config.js && electron --noDevServer .',
npm_package_devDependencies_html_webpack_plugin: '^2.28.0',
npm_package_dependencies_fs_extra: '^7.0.0',
npm_package_dependencies_googleapis: '^32.0.0',
YARN_WRAP_OUTPUT: 'false',
LOGNAME: 'sarbadajaiswal',
LESS: '-R',
npm_package_scripts_stag_unpack: 'cp .env.staging ./app/.env && webpack --config webpack.stag.config.js && build --dir',
npm_lifecycle_script: 'env-cmd .env.development webpack-dev-server --hot --host 0.0.0.0 --config=./webpack.dev.config.js',
rvm_alias_expanded: '',
PREFIX: '/usr/local',
npm_package_author_email: '[email protected]',
LC_CTYPE: 'en_US.UTF-8',
GEM_PATH: '/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1:/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1@global',
rvm_wrapper_name: '',
npm_package_dependencies_auto_launch: '^5.0.5',
npm_package_dependencies_mkdirp: '^0.5.1',
npm_config_user_agent: 'yarn/1.12.3 npm/? node/v8.11.2 darwin x64',
npm_config_ignore_scripts: '',
npm_config_version_git_sign: '',
rvm_nightly_flag: '',
rvm_ruby_make_install: '',
npm_package_scripts_prod_unpack: 'cp .env.production ./app/.env && webpack --config webpack.build.config.js && build --dir',
npm_package_devDependencies_dotenv_webpack: '^1.5.7',
npm_package_dependencies_unzipper: '^0.9.2',
rvm_niceness: '',
rvm_ruby_bits: '',
npm_config_ignore_optional: '',
npm_config_init_version: '1.0.0',
npm_package_build_linux_target: 'deb',
npm_package_dependencies_antd: '^3.6.6',
rvm_bin_flag: '',
npm_package_devDependencies_css_loader: '^0.28.1',
npm_package_devDependencies_node_sass: '^4.9.0',
SECURITYSESSIONID: '186a8',
RUBY_VERSION: 'ruby-2.4.1',
rvm_only_path_flag: '',
npm_package_scripts_precommit: 'lint-staged',
npm_package_devDependencies_electron: '^2.0.3',
_system_name: 'OSX',
REACT_APP_CREATE_ACCOUNT_LINK: 'http://localhost:3000/auth/signup',
npm_config_version_tag_prefix: 'v',
npm_package_devDependencies_eslint_plugin_react: '^7.10.0',
npm_node_execpath: '/usr/local/bin/node',
COLORTERM: 'truecolor',
GOOGLE_API_KEY: 'AIzaSyAQfxPJiounkhOjODEO5ZieffeBv6yft2Q',
ENV_FILE: '/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/app/.env' },
shell: true,
file: '/bin/sh',
args:
[ '/bin/sh',
'-c',
'openssl ca -config "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949kpPFsM66Rz9G.tmp" -in "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate-signing-request.csr" -out "/Users/sarbadajaiswal/Library/Application Support/devcert/domains/parser22.localhost/certificate.crt" -keyfile "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-179494IctCHu1hUbE.tmp" -cert "/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/tmp-17949Inm9Be39jIHK.tmp" -days 7000 -batch' ],
envPairs:
[ 'RANDFILE=/Users/sarbadajaiswal/Library/Application Support/devcert/.rnd',
'npm_package_devDependencies_lint_staged=^7.2.0',
'npm_package_devDependencies_react_dom=^16.0.0',
'REACT_APP_NAVI_APP_DOWNLOAD_LINK_LINUX=https://s3.amazonaws.com/locallockbox/Navi.deb',
'npm_package_build_directories_buildResources=resources',
'npm_package_build_productName=NAVI',
'npm_package_devDependencies_babel_plugin_transform_class_properties=^6.24.1',
'npm_package_devDependencies_electron_builder=^20.26.1',
'npm_package_dependencies_node_env_file=^0.1.8',
'rvm_use_flag=',
'npm_package_devDependencies_url_loader=^1.0.1',
'TERM_PROGRAM=iTerm.app',
'rvm_bin_path=/Users/sarbadajaiswal/.rvm/bin',
'npm_package_devDependencies_env_cmd=^8.0.2',
'npm_package_devDependencies_file_loader=^1.1.5',
'NODE=/usr/local/bin/node',
'npm_config_version_git_tag=true',
'npm_package_homepage=https://app.navihq.com/',
'npm_package_scripts_prod=cp .env.production ./app/.env && webpack --config webpack.build.config.js && electron --noDevServer .',
'GEM_HOME=/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1',
'rvm_quiet_flag=',
'INIT_CWD=/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron',
'REACT_APP_API_URL=http://localhost:3020',
'SHELL=/bin/zsh',
'TERM=xterm-256color',
'rvm_gemstone_url=',
'npm_package_devDependencies_electron_packager=^9.1.0',
'npm_package_devDependencies_style_loader=^0.19.0',
'REACT_APP_NAVI_APP_DOWNLOAD_LINK_MACOS=https://s3.amazonaws.com/locallockbox/Navi.dmg',
'npm_package_build_files_2=node_modules/**/',
'TMPDIR=/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/',
'IRBRC=/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1/.irbrc',
'rvm_docs_type=',
'npm_config_init_license=MIT',
'npm_package_build_files_3=package.json',
'npm_package_devDependencies_babili_webpack_plugin=^0.1.2',
'npm_package_devDependencies_electron_positioner=^3.0.1',
'npm_package_dependencies_kill_port=^1.3.1',
'Apple_PubSub_Socket_Render=/private/tmp/com.apple.launchd.AxqC0igzsW/Render',
'npm_package_build_files_0=app//*',
'npm_package_devDependencies_babel_core=^6.24.1',
'TERM_PROGRAM_VERSION=3.2.5',
'npm_package_build_files_1=dist//',
'npm_package_scripts_dev=env-cmd .env.development webpack-dev-server --hot --host 0.0.0.0 --config=./webpack.dev.config.js',
'npm_package_devDependencies_sass_loader=^7.0.3',
'TERM_SESSION_ID=w0t0p8:689EB754-A489-4D8B-B47E-E142D349FC37',
'MY_RUBY_HOME=/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1',
'rvm_hook=',
'npm_config_registry=https://registry.yarnpkg.com',
'npm_package_build_files_4=main.js',
'npm_package_build_files_5=credentials.json',
'npm_package_devDependencies_extract_text_webpack_plugin=^3.0.1',
'ZSH=/Users/sarbadajaiswal/.oh-my-zsh',
'npm_package_readmeFilename=README.md',
'NAVI_ENV=local',
'npm_config_python=/usr/bin/python',
'npm_package_description=Official NAVI Lockbox',
'npm_package_build_directories_output=releases',
'npm_package_devDependencies_react=^16.0.0',
'npm_package_devDependencies_webpack=^3.6.0',
'USER=sarbadajaiswal',
'npm_package_license=MIT',
'npm_package_build_win_certificateFile=cert/NAVI.pfx',
'npm_package_dependencies_websocket=^1.0.26',
'rvm_gemstone_package_file=',
'npm_package_devDependencies_eslint_loader=^2.0.0',
'COMMAND_MODE=unix2003',
'_system_type=Darwin',
'npm_package_lint_staged_ignore_1=webpack.build.config.js',
'npm_package_lint_staged_ignore_0=webpack.dev.config.js',
'npm_package_devDependencies_webpack_dev_server=^2.4.5',
'npm_package_dependencies_node_yaml=^3.1.1',
'rvm_path=/Users/sarbadajaiswal/.rvm',
'npm_package_devDependencies_babel_loader=^7.1.2',
'SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.Vd3Vt5lRTU/Listeners',
'REACT_APP_PARSER_URL=http://localhost:9090',
'npm_package_scripts_stag_mac=cp .env.staging ./app/.env && webpack --config webpack.stag.config.js && build -m --dir',
'npm_package_devDependencies_eslint=^5.1.0',
'__CF_USER_TEXT_ENCODING=0x1F5:0x0:0x0',
'REACT_APP_WEB_URL=http://localhost:3000',
'npm_package_dependencies_devcert=',
'npm_execpath=/usr/local/Cellar/yarn/1.12.3/libexec/bin/yarn.js',
'rvm_proxy=',
'PAGER=less',
'rvm_ruby_file=',
'npm_package_author_name=NAVIHQ',
'npm_package_devDependencies_babel_plugin_import=^1.8.0',
'npm_package_devDependencies_babel_preset_react=^6.24.1',
'LSCOLORS=Gxfxcxdxbxegedabagacad',
'REACT_APP_GO_SOCKET_PORT=8888',
'npm_package_dependencies_prop_types=^15.6.2',
'rvm_prefix=/Users/sarbadajaiswal',
'rvm_silent_flag=',
'npm_package_build_dmg_title=${productName} ${version}',
'npm_config_argv={"remain":[],"cooked":["run","dev"],"original":["dev"]}',
'PATH=/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/yarn--1547178554060-0.7591251666671179:/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/node_modules/.bin:/Users/sarbadajaiswal/.config/yarn/link/node_modules/.bin:/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/node_modules/.bin:/Users/sarbadajaiswal/.config/yarn/link/node_modules/.bin:/usr/local/libexec/lib/node_modules/npm/bin/node-gyp-bin:/usr/local/lib/node_modules/npm/bin/node-gyp-bin:/usr/local/bin/node_modules/npm/bin/node-gyp-bin:/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1/bin:/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1@global/bin:/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1/bin:/usr/local/opt/nss/bin:/usr/local/opt/node@8/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin:/Users/sarbadajaiswal/.rvm/bin',
'rvm_ruby_make=',
'npm_package_devDependencies_babel_preset_es2016=^6.24.1',
'NAVI_PATH=/Users/sarbadajaiswal/.navi',
'=/usr/local/bin/node',
... 92 more items ],
killSignal: undefined },
envPairs:
[ 'RANDFILE=/Users/sarbadajaiswal/Library/Application Support/devcert/.rnd',
'npm_package_devDependencies_lint_staged=^7.2.0',
'npm_package_devDependencies_react_dom=^16.0.0',
'REACT_APP_NAVI_APP_DOWNLOAD_LINK_LINUX=https://s3.amazonaws.com/locallockbox/Navi.deb',
'npm_package_build_directories_buildResources=resources',
'npm_package_build_productName=NAVI',
'npm_package_devDependencies_babel_plugin_transform_class_properties=^6.24.1',
'npm_package_devDependencies_electron_builder=^20.26.1',
'npm_package_dependencies_node_env_file=^0.1.8',
'rvm_use_flag=',
'npm_package_devDependencies_url_loader=^1.0.1',
'TERM_PROGRAM=iTerm.app',
'rvm_bin_path=/Users/sarbadajaiswal/.rvm/bin',
'npm_package_devDependencies_env_cmd=^8.0.2',
'npm_package_devDependencies_file_loader=^1.1.5',
'NODE=/usr/local/bin/node',
'npm_config_version_git_tag=true',
'npm_package_homepage=https://app.navihq.com/',
'npm_package_scripts_prod=cp .env.production ./app/.env && webpack --config webpack.build.config.js && electron --noDevServer .',
'GEM_HOME=/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1',
'rvm_quiet_flag=',
'INIT_CWD=/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron',
'REACT_APP_API_URL=http://localhost:3020',
'SHELL=/bin/zsh',
'TERM=xterm-256color',
'rvm_gemstone_url=',
'npm_package_devDependencies_electron_packager=^9.1.0',
'npm_package_devDependencies_style_loader=^0.19.0',
'REACT_APP_NAVI_APP_DOWNLOAD_LINK_MACOS=https://s3.amazonaws.com/locallockbox/Navi.dmg',
'npm_package_build_files_2=node_modules//*',
'TMPDIR=/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/',
'IRBRC=/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1/.irbrc',
'rvm_docs_type=',
'npm_config_init_license=MIT',
'npm_package_build_files_3=package.json',
'npm_package_devDependencies_babili_webpack_plugin=^0.1.2',
'npm_package_devDependencies_electron_positioner=^3.0.1',
'npm_package_dependencies_kill_port=^1.3.1',
'Apple_PubSub_Socket_Render=/private/tmp/com.apple.launchd.AxqC0igzsW/Render',
'npm_package_build_files_0=app//',
'npm_package_devDependencies_babel_core=^6.24.1',
'TERM_PROGRAM_VERSION=3.2.5',
'npm_package_build_files_1=dist/**/',
'npm_package_scripts_dev=env-cmd .env.development webpack-dev-server --hot --host 0.0.0.0 --config=./webpack.dev.config.js',
'npm_package_devDependencies_sass_loader=^7.0.3',
'TERM_SESSION_ID=w0t0p8:689EB754-A489-4D8B-B47E-E142D349FC37',
'MY_RUBY_HOME=/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1',
'rvm_hook=',
'npm_config_registry=https://registry.yarnpkg.com',
'npm_package_build_files_4=main.js',
'npm_package_build_files_5=credentials.json',
'npm_package_devDependencies_extract_text_webpack_plugin=^3.0.1',
'ZSH=/Users/sarbadajaiswal/.oh-my-zsh',
'npm_package_readmeFilename=README.md',
'NAVI_ENV=local',
'npm_config_python=/usr/bin/python',
'npm_package_description=Official NAVI Lockbox',
'npm_package_build_directories_output=releases',
'npm_package_devDependencies_react=^16.0.0',
'npm_package_devDependencies_webpack=^3.6.0',
'USER=sarbadajaiswal',
'npm_package_license=MIT',
'npm_package_build_win_certificateFile=cert/NAVI.pfx',
'npm_package_dependencies_websocket=^1.0.26',
'rvm_gemstone_package_file=',
'npm_package_devDependencies_eslint_loader=^2.0.0',
'COMMAND_MODE=unix2003',
'system_type=Darwin',
'npm_package_lint_staged_ignore_1=webpack.build.config.js',
'npm_package_lint_staged_ignore_0=webpack.dev.config.js',
'npm_package_devDependencies_webpack_dev_server=^2.4.5',
'npm_package_dependencies_node_yaml=^3.1.1',
'rvm_path=/Users/sarbadajaiswal/.rvm',
'npm_package_devDependencies_babel_loader=^7.1.2',
'SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.Vd3Vt5lRTU/Listeners',
'REACT_APP_PARSER_URL=http://localhost:9090',
'npm_package_scripts_stag_mac=cp .env.staging ./app/.env && webpack --config webpack.stag.config.js && build -m --dir',
'npm_package_devDependencies_eslint=^5.1.0',
'__CF_USER_TEXT_ENCODING=0x1F5:0x0:0x0',
'REACT_APP_WEB_URL=http://localhost:3000',
'npm_package_dependencies_devcert=*',
'npm_execpath=/usr/local/Cellar/yarn/1.12.3/libexec/bin/yarn.js',
'rvm_proxy=',
'PAGER=less',
'rvm_ruby_file=',
'npm_package_author_name=NAVIHQ',
'npm_package_devDependencies_babel_plugin_import=^1.8.0',
'npm_package_devDependencies_babel_preset_react=^6.24.1',
'LSCOLORS=Gxfxcxdxbxegedabagacad',
'REACT_APP_GO_SOCKET_PORT=8888',
'npm_package_dependencies_prop_types=^15.6.2',
'rvm_prefix=/Users/sarbadajaiswal',
'rvm_silent_flag=',
'npm_package_build_dmg_title=${productName} ${version}',
'npm_config_argv={"remain":[],"cooked":["run","dev"],"original":["dev"]}',
'PATH=/var/folders/99/cpct41cn2kbchjzxvp3422p40000gn/T/yarn--1547178554060-0.7591251666671179:/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/node_modules/.bin:/Users/sarbadajaiswal/.config/yarn/link/node_modules/.bin:/Users/sarbadajaiswal/Projects/whitehatengineering/navi-electron/node_modules/.bin:/Users/sarbadajaiswal/.config/yarn/link/node_modules/.bin:/usr/local/libexec/lib/node_modules/npm/bin/node-gyp-bin:/usr/local/lib/node_modules/npm/bin/node-gyp-bin:/usr/local/bin/node_modules/npm/bin/node-gyp-bin:/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1/bin:/Users/sarbadajaiswal/.rvm/gems/ruby-2.4.1@global/bin:/Users/sarbadajaiswal/.rvm/rubies/ruby-2.4.1/bin:/usr/local/opt/nss/bin:/usr/local/opt/node@8/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin:/Users/sarbadajaiswal/.rvm/bin',
'rvm_ruby_make=',
'npm_package_devDependencies_babel_preset_es2016=^6.24.1',
'NAVI_PATH=/Users/sarbadajaiswal/.navi',
'=/usr/local/bin/node',
... 92 more items ],
stderr: <Buffer 55 73 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 72 6f 6d 20 2f 76 61 72 2f 66 6f 6c 64 65 72 73 2f 39 39 2f 63 70 63 74 34 31 63 6e 32 ... >,
stdout: ,
pid: 17968,
output:
[ null,
,
<Buffer 55 73 69 6e 67 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 66 72 6f 6d 20 2f 76 61 72 2f 66 6f 6c 64 65 72 73 2f 39 39 2f 63 70 63 74 34 31 63 6e 32 ... > ],
signal: null,
status: 1 }
prams log Returning domain certificate
(node:17949) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
(node:17949) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Hash: f20895932b4742179e5d
Version: webpack 3.12.0

every time I started the devcert, it is always asking me to enter the password, and I don't know.. ANything you type there, it asks again. There is no real docs on what to type on or anything. Any help? If any previous password is stored, which I must have forgot, any way to reset it?

Could you please explain in more details what are the security implications of having the local Trusted Root Certificate Authority generated by the devcert?

As far as I can tell port 80 is not supported. Non ssl server works fine, but when using https port 80 receives no traffic. Changing port to 3000 works fine.

Use case is testing as close to prod as possible locally.

We are currently looking at including this package in ionic-team/stencil-dev-server#19. One of the issues we have identified is that when a user is prompted for their password no context is provided as to why this is.

I would be nice to either expose an interface to ask if the SSL cert has been installed before or to provide a message to display if the SSL cert is trying to be installed.

cool project! Thanks for making it. I am using gatsbyjs which uses devcert and I was wondering if you had a suggested usage flow with docker?

Right now I am running the project in docker which works on https but it still gives me the ugly browser warnings since the container is like a separate machine. Can you see an easy way around this to get the certificate trusted on the host machine and used in a container?

Thanks

I am using devcert-cli to generate certificates. I noticed that the certutil was not functioning correctly so I tried manually installing nss and messing with flags. It was not editing the hosts file either but I tried doing the following:

devcert disable domain.test
rm domain.test*
devcert generate domain.test

The command failed. Any devcert generate domain.test after that creates an empty domain.test.cert file and a good domain.test.key file.

Here is the error output. It is difficult to reproduce:

Error: Command failed: openssl ca -config "/var/folders/nv/4dq8b8zd25j3sbx57nnwf8s40000gn/T/tmp-49642L24yawif0Cw.tmp" -in "/Users/brandonkal/Library/Application Support/
devcert/domains/domain.test/certificate-signing-request.csr" -out "/Users/brandonkal/Library/Application Support/devcert/domains/domain.test/certificate.
crt" -keyfile "/var/folders/nv/4dq8b8zd25j3sbx57nnwf8s40000gn/T/tmp-4964qJFfjg9lx8l0.tmp" -cert "/var/folders/nv/4dq8b8zd25j3sbx57nnwf8s40000gn/T/tmp-4964FBnVmQfD74bV
.tmp" -days 7000 -batch
Using configuration from /var/folders/nv/4dq8b8zd25j3sbx57nnwf8s40000gn/T/tmp-49642L24yawif0Cw.tmp
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'domain.test'
Certificate is to be certified until Sep 22 18:09:43 2037 GMT (7000 days)
failed to update database
TXT_DB error number 2
    at run (~/.nvm/versions/node/v8.11.2/lib/node_modules/devcert-cli/node_modules/devcert/dist/utils.js:24:28)

    at Object.openssl (~/.nvm/versions/node/v8.11.2/lib/node_modules/devcert-cli/node_modules/devcert/dist/utils.js:14:12)
    at constants_1.withDomainCertificateConfig (~/.nvm/versions/node/v8.11.2/lib/node_modules/devcert-cli/node_modules/devcert/dist/certificates.js:34:25)
    at Object.withDomainCertificateConfig (~/.nvm/versions/node/v8.11.2/lib/node_modules/devcert-cli/node_modules/devcert/dist/constants.js:47:5)
    at certificate_authority_1.withCertificateAuthorityCredentials (~/.nvm/versions/node/v8.11.2/lib/node_modules/devcert-cli/node_modules/devcert/dist/certificates.j
s:33:25)
    at Object.<anonymous> (~/.nvm/versions/node/v8.11.2/lib/node_modules/devcert-cli/node_modules/devcert/dist/certificate-authority.js:89:15)
    at Generator.next (<anonymous>)
    at fulfilled (~/.nvm/versions/node/v8.11.2/lib/node_modules/devcert-cli/node_modules/tslib/tslib.js:104:62)

I don't have a solution to this, but just FYI, Firefox 76 was released two days ago and removes the certificate install prompt you depend on in openCertificateInFirefox. The FF bug is here: https://bugzilla.mozilla.org/show_bug.cgi?id=1024871.

Responses with Content-type: application/x-x509-ca-cert now just prompt for download, and don't offer to install the cert at all.

I'm trying to solve this independently for a separate project - if you come up with a nice alternative, I'd love to hear about it!

I'm getting this error:
[!] (plugin at position 6) Error: spawnSync sh ENOENT Error: spawnSync sh ENOENT at notFoundError (C:\Users\Toni\WebstormProjects\pogoweb-frontend\svelte-app\node_modules\cross-spawn\lib\enoent.js:6:26) at Object.verifyENOENTSync (C:\Users\Toni\WebstormProjects\pogoweb-frontend\svelte-app\node_modules\cross-spawn\lib\enoen t.js:48:16) at Function.spawnSync [as sync] (C:\Users\Toni\WebstormProjects\pogoweb-frontend\svelte-app\node_modules\cross-spawn\inde x.js:29:43) at C:\Users\Toni\WebstormProjects\pogoweb-frontend\svelte-app\node_modules\password-prompt\index.js:79:26 at new Promise (<anonymous>) at Object.notty (C:\Users\Toni\WebstormProjects\pogoweb-frontend\svelte-app\node_modules\password-prompt\index.js:76:12) at Object.raw (C:\Users\Toni\WebstormProjects\pogoweb-frontend\svelte-app\node_modules\password-prompt\index.js:11:71) at Object.mask (C:\Users\Toni\WebstormProjects\pogoweb-frontend\svelte-app\node_modules\password-prompt\index.js:8:37) at Object.prompt [as default] (C:\Users\Toni\WebstormProjects\pogoweb-frontend\svelte-app\node_modules\password-prompt\in dex.js:112:30) at Object.<anonymous> (C:\Users\jzetlen\gits\devcert\user-interface.ts:15:32)

It's because of the password-prompt module. Please consider replacing it with something that works on windows. I've submitted the issue on their repo too but it looks kinda inactive there.

Implementing this in bankai, but even with the {installCertutil: true} option set, I'm still getting security warnings in both Chrome and Firefox.

Mac OS 10.12.5
Chrome 60.0.3112.32 (Official Build) beta (64-bit)
Firefox: 55 (developer edition)

Hi @davewasmer,

Thanks for building this amazing project.

I'm trying to generate a certificate for check.local. I do so using the following script :

# index.js
const devcert = require('devcert');
devcert
  .certificateFor("check.local")
  .then(res => {
    console.log(res);
  })
;

The script runs but doesn't complete. Here is the screenshot of the log:

Any ideas about what am I doing wrong here ?
I'm running this on Mac OS. Node v8.1.1.

Thanks

It seems like a recent update to Chrome enforces that self-signed certificates be generated with an alt name in addition to just a common name.

See related SO comment: https://stackoverflow.com/questions/43665243/chrome-invalid-self-signed-ssl-cert-subject-alternative-name-missing

Screenshot of the issue on Windows:

It would be great to be able to flush a specific cert. I could delete the entire ~/.config/devcert directory but would prefer to go through a more official channel so as not to impact anything other than the cert I am interested in flushing.

Although I believe devcert is one of the best solutions available for development certificates, I have concerns around the CA key being available in a predictable place that some malicious software could read or use.

One part of a solution to this problem would be to physically store the key on a thumbdrive, and symlink it into the place that devcert expects it to be. At cert-generation-time, the user would insert the drive, at which point the application cert can be signed, and then the drive can be removed.

I have this set up locally already, but would love for devcert to

• prompt me to insert my drive in the event that the symlink can't be resolved (rather than hard fail)
• prompt me to remove my drive immediately after

The API is already async, so this would probably be a non-breaking change

Outdated configstore dependency relies on outdated dot-prop which has a "high severity vulnerability" according to NPM. Would it be possible to upgrade configstore to the latest version?

If you pass in a name that contains your system's path separators it fails because the directory doesn't exist for openssl to write to, since it's a shell command:

{ Error: Command failed: openssl genrsa -out /Users/todd/.config/devcert/Users/todd/src/bankai/example.js.key 2048
    at checkExecSyncError (child_process.js:481:13)
    at Object.execSync (child_process.js:521:13)
    at run (/Users/todd/src/bankai/node_modules/devcert/dist/utils.js:20:28)
    at openssl (/Users/todd/src/bankai/node_modules/devcert/dist/utils.js:10:12)
    at Object.generateKey (/Users/todd/src/bankai/node_modules/devcert/dist/utils.js:33:5)
    at /Users/todd/src/bankai/node_modules/devcert/dist/index.js:39:21
    at next (native)
    at /Users/todd/src/bankai/node_modules/tslib/tslib.js:96:75
    at Object.__awaiter (/Users/todd/src/bankai/node_modules/tslib/tslib.js:92:16)
    at devcert (/Users/todd/src/bankai/node_modules/devcert/dist/index.js:23:20)
  error: null,
  cmd: 'openssl genrsa -out /Users/todd/.config/devcert/Users/todd/src/bankai/example.js.key 2048',
  file: '/bin/sh',
  args:
   [ '/bin/sh',
     '-c',
     'openssl genrsa -out /Users/todd/.config/devcert/Users/todd/src/bankai/example.js.key 2048' ],

The problem here is that devcert created /Users/todd/.config/devcert but then the key "name" doesn't exist as a path.

I'm trying to generate a certificate for multiple domain names, e.g.

dev.foo.com
dev.bar.com
dev.baz.bat.com

I'm guessing from looking at this file that its not possible at the moment:
https://github.com/davewasmer/devcert/blob/master/openssl-configurations/domain-certificates.conf#L38-L39

Could we add this as a feature? If you're all busy I could probably tackle it, any suggestions about how I would add it?

Love this library, but as noted in the README.md, obvious vulnerability is someone getting the CA key & cert for that machine. While the risk is probably low given it is tied to a single machine, there does seem to be a way of mitigating using X.509 v3 Name Constraints (https://tools.ietf.org/html/rfc5280#section-4.2.1.10):

1. Options set an array of allowed domains (default might be ['localhost', '.localhost']) for signing (. prefix allows for any subdomain of a passed domain)
2. Generate root CA & key
3. Generate intermediate CA & key signed using root key & cert, allowed domains are set on nameConstraints
4. Discard root key (makes any further cert singing by the root CA impossible)
5. Install root CA in trust store
6. Use intermediate CA for signing certs

This should mostly prevent the ability to sign for any arbitrary domain and reduces the scope to only the TLDs explicitly specified. The intermediate is required because by spec name constraints aren't supported on roots (i.e. self-signed) and only a couple implementations support the extension there, but should work on the intermediate in the chain. Discarding the root key prevents future signing by the root or creating another intermediate CA. Removing the root from the trust store will invalidate the whole chain, so still one click invalidation.

For the end user, the only complexity would be configuring the allowed domains and the feature could be opt-in. The resulting cert can contain the chain with the intermediate cert included or changing options.

I can work on an implementation if needed

Not really a big deal at the moment... I just thought I would mention that I get warnings that createCipher/createDecipher and new Buffer() are deprecated. The recommended methods are createCipheriv, createDecipheriv and Buffer.from.

Buffer.from is supposed to address some security concerns. Not sure precisely what concerns, since I haven't really looked into it too far.

Cipheriv and Decipheriv are considerably more secure, but also more complex to use. I had to solve this problem not too long ago in one of my projects. If interested, here's the algorithm I used: https://gist.github.com/Js-Brecht/97488f1951d6d35502d331c97b3b3c19

Is there someone run .ts file on production server?

Is it possible to ask for wildcard certs? Mainly for multi-tenant apps that use subdomains.

On the latest version (using devcert-cli):

devcert generate localhost
Error: "localhost" is not a valid domain name.

same for 127.0.0.1 and my local ip

I'm getting a NET::ERR_CERT_DATE_INVALID when generating tokens in the following manner. Is there anything that jumps out here that's invalid?

const host = "my-app.test";

const handleCerts = async () => {
    const certsDir = path.resolve(__dirname, "certs");
    const { key, cert } = await certificateFor(host);

    if (!fs.existsSync(certsDir)) {
        fs.mkdirSync(certsDir);
    }

    fs.writeFileSync(`${certsDir}/ssl.key`, key);
    fs.writeFileSync(`${certsDir}/ssl.cert`, cert);
    return;
};

handleCerts().then(() => {/*kick off server*/}

edit:

Subject: my-app.test

Issuer: devcert

Expires on: Sep 17, 2037

Current date: Jul 19, 2018

When prompting for a password:

devcert password (http://bit.ly/devcert-what-password?):

The link http://bit.ly/devcert-what-password looks to be deeplinking to some content that doesn't exist anymore.

In darwin.ts, the addDomainToHostFileIfMissing function will falsely decide that the provided domains name is already part of the hosts file if the word provided as domain occurs within the file. Here's an excerpt of the current code:

// Inside darwin.ts
 async addDomainToHostFileIfMissing(domain: string) {
    // This line only checks if the word appears within the file
    if (!hostsFileContents.includes(domain)) {
        // ...
    }
  }

This leads to plenty of false positives.
For example, consider this scenario:

We have a hosts file:

##
# Host Database
##
127.0.0.1 my-app.test

Now, we want to generate a certficate for just app.test. Because the hosts file already includes the string app.test, addDomainToHostFileIfMissing will decide that it is already included and skip adding the domain to the hosts file.

An example of a more robust solution would be to split the key-value pairs and perform strict equality checks between the two domain names

Since version 1.2.1, we're getting an error:

Error: "local.domain.com" is not a valid domain name.
    at /Users/amiry/dev/editor-x/bundles/editorx-santa-editor-bridge/node_modules/devcert/dist/index.js:40:23
    at Array.forEach (<anonymous>)

This was my mistake...

There seems to be some issue during cert generation on Windows.

Stepping through the process

• It asks me for a password
• It installs the certificate in my personal Trusted Root Certificate Authority store
• It tries to open the trust wizard in Firefox.

It will open Firefox, but the page it lands on just generates an endless refresh loop. When creating a server with the certs returned, the site displays the certificate security warning: "SEC_ERROR_BAD_SIGNATURE".

I am using Firefox version 68.0.2 (64-bit), on Windows 10 64-bit. It doesn't seem to be restricted to Firefox.

Opening the localhost url it provides in Chrome has the same problem. Chrome seems to trust the certificate, however.

Heya,

Since upgrading to catalina max cert length has been changed to 825 days. (https://support.apple.com/en-us/HT210176). Currently the certs this package generates are 7000 days.

Happy to make a pull request to change these values, just wanted to log an issue see how you wanted to approach it.

Cheers!

just been trying to test the package but i get devcert undefined,

yarn add devcert

import devcert  from 'devcert';

let ssl = await devcert.certificateFor('my-app.test');

devcert is undefined

This package doesn't have any API docs or a more elaborated usage example. This makes this library very difficult to use. Take a look at any package from sindresorhus for an example documentation.

I'm just getting started with certs so please forgive my ignorance...Is there a way to add certs for localhost / 127.0.0.1? I'm setting up a local environment for a project with multiple collaborators and would like to avoid the setup of editing /etc/hosts files etc.

What are your thoughts? Thanks.

The package update-ca-certificates used here is specific to debian, while most linux distributions use the trust package, which is also included in debian. The relevant flag being trust --extract-compat. We should switch, but a simple replacement of the commands didn't work, so not sure when I'll have time to learn about what's going on, meantime posting here.

Hello there. First, this is a super awesome project!

I'm on mac OS High Sierra.

I've found that when removeDomain is called, only the certificates will be removed. However, since the domain name isn't removed from the index.txt file inside ~/Library/Application Support/devcert/certificate-authority, OpenSSL gives the following error when certificateFor is invoked again in the future with the same hostname:

failed to update database
TXT_DB error number 2

Removing the entry from the index.txt file resolves the issue

Everything works for ".com" or ".de" but my specific domain "something.tech" doesn't work. It asks for password and waits without doing anything.

Hey there. The root certificate that devcert has generated and installed appears to have a lifetime of one month as seen in the image above. Am I missing something, or shouldn't there be a process for automatic renewal of the root certificate?

I'm on MacOS High Sierra and solved it by removing private-key.key and certificate.cert inside ~/Library/Application Support/devcert/certificate-authority, then removing all domains from the index.txt inside the same folder as well as all domains within ~/Library/Application Support/devcert/domains to force devcert into generating and signing new certificates.

Hi all!

I use a devcert-based tool of mine to set up TLS certs on my dev machine so I can do HTTPS development.

It's been working swell until very recently.

Suddenly I get NET::ERR_CERT_DATE_INVALID errors on my .test local domains, but only on Chromium browsers. This is unfathomable, as inspecting the certs in these browsers shows a valid date range:

• NBF Dec 2021
• EXP Dec 2023

I have no idea what gives, but in the meantime I'd like to just remove that cert from my devbox and have a fresh run regen it, but I have no idea how to remove a cert installed by devcert.

Any pointers?

Thanks!

I wanted to run through the whole initialization process again so I deleted ~/.config/devcert and deleted the trusted certs from my Keychain Access in the hopes that I could regenerate everything.

I found that the directory is not coming back after deleting. I went through the issues and saw there was also something in ~/Library/Application Support/devcert so I deleted that and ran again, this dir did come back but the /.config dir still did not.

Any idea how to get it to come back?