Enabled HTTPS in dev mode with self signed certificate (#514)

* Enabled HTTPS in dev mode with self signed certificate

* review comments

* review comments

* added PEM format cert for Linux/Mac

* removed duplicate cert

Co-authored-by: saurav vijay <saurav.vijay@reedbusiness.com>

backend/src/Squidex/Program.cs

@@ -5,7 +5,9 @@
 //  All rights reserved. Licensed under the MIT license.
 // ==========================================================================
 
+using System.Net;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Squidex.Areas.IdentityServer.Config;
@@ -61,6 +63,16 @@ namespace Squidex
                 })
                 .ConfigureWebHostDefaults(builder =>
                 {
+                    builder.ConfigureKestrel((context, serverOptions) =>
+                    {
+                        if (context.HostingEnvironment.IsDevelopment() || context.Configuration.GetValue<bool>("devMode:enable"))
+                        {
+                            serverOptions.Listen(
+                                IPAddress.Any,
+                                context.Configuration.GetValue<int>("devMode:port"),
+                                listenOptions => listenOptions.UseHttps("../../../local_certs/squidex-dev.pfx", "password"));
+                        }
+                    });
                     builder.UseStartup<Startup>();
                 });
     }

backend/src/Squidex/appsettings.json

@@ -1,4 +1,9 @@
 {
+  "devMode": {
+    "enable": false,
+    "port": 5001
+  },
+
   "mode": {
     /*
      * Use this flag to set Squidex to readonly, e.g. when you deploy a second instance for migration.

frontend/package.json

@@ -5,7 +5,7 @@
   "license": "MIT",
   "repository": "https://github.com/SebastianStehle/Squidex",
   "scripts": {
-    "start": "webpack-dev-server --config app-config/webpack.config.js --inline --port 3000 --hot",
+    "start": "webpack-dev-server --config app-config/webpack.config.js --inline --port 3000 --hot --https --pfx ../local_certs/squidex-dev.pfx --pfx-passphrase password",
     "test": "karma start",
     "test:coverage": "karma start karma.coverage.conf.js",
     "test:clean": "rimraf _test-output",

local_certs/create-cert.ps1

@@ -0,0 +1,40 @@
+# setup certificate properties including the commonName (DNSName) property for Chrome 58+
+$certificate = New-SelfSignedCertificate `
+    -Subject localhost `
+    -DnsName localhost `
+    -KeyAlgorithm RSA `
+    -KeyLength 2048 `
+    -NotBefore (Get-Date) `
+    -NotAfter (Get-Date).AddYears(10) `
+    -CertStoreLocation "cert:CurrentUser\My" `
+    -FriendlyName "Localhost Certificate for .NET Core" `
+    -HashAlgorithm SHA256 `
+    -KeyUsage DigitalSignature, KeyEncipherment, DataEncipherment `
+    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") 
+$certificatePath = 'Cert:\CurrentUser\My\' + ($certificate.ThumbPrint)  
+
+# create temporary certificate path
+$tmpPath = "C:\tmp"
+If(!(test-path $tmpPath))
+{
+New-Item -ItemType Directory -Force -Path $tmpPath
+}
+
+# set certificate password here
+$pfxPassword = ConvertTo-SecureString -String "password" -Force -AsPlainText
+$pfxFilePath = "c:\tmp\squidex-dev.pfx"
+$cerFilePath = "c:\tmp\squidex-dev.cer"
+
+# create pfx certificate
+Export-PfxCertificate -Cert $certificatePath -FilePath $pfxFilePath -Password $pfxPassword
+Export-Certificate -Cert $certificatePath -FilePath $cerFilePath
+
+# import the pfx certificate
+Import-PfxCertificate -FilePath $pfxFilePath Cert:\LocalMachine\My -Password $pfxPassword -Exportable
+
+# trust the certificate by importing the pfx certificate into your trusted root
+Import-Certificate -FilePath $cerFilePath -CertStoreLocation Cert:\CurrentUser\Root
+
+# optionally delete the physical certificates (don’t delete the pfx file as you need to copy this to your app directory)
+# Remove-Item $pfxFilePath
+#Remove-Item $cerFilePath

local_certs/install-cert.ps1

@@ -0,0 +1,7 @@
+$pfxPassword = ConvertTo-SecureString -String "password" -Force -AsPlainText
+
+# import the pfx certificate
+Import-PfxCertificate -FilePath ./squidex-dev.pfx Cert:\LocalMachine\My -Password $pfxPassword -Exportable
+
+# trust the certificate by importing the pfx certificate into your trusted root
+Import-Certificate -FilePath ./squidex-dev.cer -CertStoreLocation Cert:\CurrentUser\Root

local_certs/squidex-dev.crt

@@ -0,0 +1,59 @@
+Bag Attributes
+    localKeyID: 01 00 00 00 
+    friendlyName: te-c73b69d4-3341-4710-874d-e22bb2c15956
+    Microsoft CSP Name: Microsoft Software Key Storage Provider
+Key Attributes
+    X509v3 Key Usage: 90 
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDh/y1tm+cbvrdH
+DZHh8LMgWGmuJxfgImLu0S//GLkQ4MQGjQEBkLSjoQLsjQI2B8zNzqM07DfouBmj
+nO+zu0argEPSyMxcEtQxB6aDCq+gHs+mamPs1d3JfgfP3yZjK7/wHhvF4pZaYhwI
+HNYwaq2BtRc1KvFnd9qjqoE1WfmucqlBGnHxHq5MW0Qyg9b1PIFRRAXB/WXPbutl
+ZkSBHOxq5bKnWeGryv8VuBeFEtQwhY14iscFxdb/tW7ieh8beW8TwQs3s6pFxou5
+TQXij5dCD52GC1QVemiAPsHh2hdOFE2DTJm01Mv32yGUsk1luF0V2hACpC2zb90c
+Gj4VY5eFAgMBAAECggEBAJ6Wd6V0AqBYm7ozjoxzYO+wuzAnZLy2xJ/7kWe8TJnI
+cCZ8qhkUF36/jRK7/LI3lQNTHvoTTUR0dCF5DkgcggH1NyLiH235FIf3a2SHiiid
+lm+cNtTKWyF63DaFzCVJXR49spWRZJq2QB99RNyi73CWyFtZ8B8AXx/8lUEAC5La
+t8Ftb/M5ieKQ9dAxyGL/U9L13ZmSO+J5Lc0ez9OwFpvNBNy353HKT0FL+qFuNV0K
+g+t+x0DRudlL7uxeACPdnBlaEaT3ILWqCig6IBcILgNfGofuCC/hMLMcx8JUoQcg
+atxife5w5Yyrxpsls1MLJEIhC02CKGsMwxXYPxaJjH0CgYEA9Rl0ivKaQSp/g43w
+Frt84za70J68ZSrAP7pLHETEpEZnUxGX6O9glS8R5nZBZZsOr+7l6GcGK0QodyBy
+CIpKppGt7JXSLnvq6FQeP4p5z6DTfKinfHhUCBffoQsDumMCQxsSLUmCpSSU5uXg
+Pv69i4vcRxs3EXw/78gu8jZDpEsCgYEA7Aw7UrV0IHgbfMTjPOrgrxMO02uKwya4
+2xf9a8Qst2KUVdV32LgKr3wqVhnaFWJTOoKWWnvOvzRLvkrz0UlevqwXDiNy9Lp+
+5R41KGi6QR3ehwQvizrtEkHange/mtvMh/7BwXRF2u7xnyjWavVs1iFCt/CNg3UK
+rMqbcz63MW8CgYASFvfgDXnPF3jj18UBmILmLjL8ecrD2LzptzE1++lbioqzudex
+bIF/YUL79HxtKF2UJJi5Z2kwJk6qRC3GbZaG5rekf4ZMwf6beSHmZK0K4v7Y84Wx
+DRx+oGxz8WEsD4SqOURFLWjEEYgf5pV/cMPCmeb/JIYS902sv+SfIdwqMwKBgQDT
+LJI6CVnN3oYA1ofRLPQ7zJn77P8kXdUNNWYj7kpu+cNpEuP4P5ZXroaVpuUjMmbx
+NnjalF6/UkLdCGMefjxD6uNpY69pYBs8UQ0PjLnsnZNCSS1bqykCp2W08YuqOC/A
+Dts6fhIsro39bOR+pfhrjTAKLSv9Sk11joEJ1jbAAwKBgQCHSGKYa4ugobYx/0Bz
+LYayNm4z0zf1V4aRlJZu6GyAoeBc1EEEXavmkCEJ7MEYoUDLp6ywuDnUybHzoa6c
+I0spWppC8GGGDhrxtrBS35tfENclhdxoUVorOI/yn8iJZtc1DU3vPFXNKUEYqgew
+gbGUoYGragfhbOfNGwkQ7C7jpA==
+-----END PRIVATE KEY-----
+Bag Attributes
+    localKeyID: 01 00 00 00 
+    1.3.6.1.4.1.311.17.3.71: 50 00 53 00 4C 00 4C 00 32 00 38 00 38 00 38 00 34 00 2E 00 62 00 32 00 62 00 2E 00 72 00 65 00 67 00 6E 00 2E 00 6E 00 65 00 74 00 00 00 
+    friendlyName: Localhost Certificate for .NET Core
+subject=/CN=localhost
+issuer=/CN=localhost
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIQYuhrnnBGU7dGIwU5o+LBGDANBgkqhkiG9w0BAQsFADAU
+MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjAwNDE3MDc1MTA2WhcNMzAwNDE3MDc1
+MTA2WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDh/y1tm+cbvrdHDZHh8LMgWGmuJxfgImLu0S//GLkQ4MQGjQEB
+kLSjoQLsjQI2B8zNzqM07DfouBmjnO+zu0argEPSyMxcEtQxB6aDCq+gHs+mamPs
+1d3JfgfP3yZjK7/wHhvF4pZaYhwIHNYwaq2BtRc1KvFnd9qjqoE1WfmucqlBGnHx
+Hq5MW0Qyg9b1PIFRRAXB/WXPbutlZkSBHOxq5bKnWeGryv8VuBeFEtQwhY14iscF
+xdb/tW7ieh8beW8TwQs3s6pFxou5TQXij5dCD52GC1QVemiAPsHh2hdOFE2DTJm0
+1Mv32yGUsk1luF0V2hACpC2zb90cGj4VY5eFAgMBAAGjXDBaMA4GA1UdDwEB/wQE
+AwIEsDAUBgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
+HQYDVR0OBBYEFBucYmpXCQ7QicOAXh2INjUg09DBMA0GCSqGSIb3DQEBCwUAA4IB
+AQDeKpRYhNYA2QrfFChrwVB2uOUx5M1JbcY0yQxMsRWtkIOQU6Jh5Y+yUucU8zjh
+iv953d8HNRH6O/tL3hdTgckIImkMaceIcLrXC91hDq2Pg8+jaUku3qH13i4DLUm5
+Yyw/G66hTH/pCzitwdlABrDLDEiZiqM4ZKa5oyYRR0TOQA3qQ+sTJfZ7b5oxxI+c
+43eF1/zN3XcHPLbJNxXzOhw/y2gSuaZWT2BuZjvpPR0swksCnhVuKkyzg3pNshLC
+nQf9lpPGdfExhgRKGACbPEIhyW6uRdquYpwz6QSEp1OFiNFToRPKtCq5vO1wr8O+
+j4gj3gZ8Dhp/sbwCp+U8OLTv
+-----END CERTIFICATE-----