62 lines
2.1 KiB
Plaintext
62 lines
2.1 KiB
Plaintext
|
|
---
|
||
|
|
title: Signing Certificate
|
||
|
|
description: Learn how to create a free, self-signed certificate for local development.
|
||
|
|
---
|
||
|
|
|
||
|
|
import { Callout, Steps } from 'nextra/components';
|
||
|
|
|
||
|
|
# Create Your Signing Certificate
|
||
|
|
|
||
|
|
Digitally signing documents requires a signing certificate in `.p12` format. You can either purchase one or create a free self-signed certificate.
|
||
|
|
|
||
|
|
Follow the steps below to create a free, self-signed certificate for local development.
|
||
|
|
|
||
|
|
<Steps>
|
||
|
|
|
||
|
|
### Generate Private Key
|
||
|
|
|
||
|
|
Generate a private key using OpenSSL by running the following command:
|
||
|
|
|
||
|
|
```bash
|
||
|
|
openssl genrsa -out private.key 2048
|
||
|
|
```
|
||
|
|
|
||
|
|
This command generates a 2048-bit RSA key.
|
||
|
|
|
||
|
|
### Generate Self-Signed Certificate
|
||
|
|
|
||
|
|
Using the private key, generate a self-signed certificate by running the following command:
|
||
|
|
|
||
|
|
```bash
|
||
|
|
openssl req -new -x509 -key private.key -out certificate.crt -days 365
|
||
|
|
```
|
||
|
|
|
||
|
|
You will be prompted to enter some information, such as the certificate's Common Name (CN). Ensure that you provide the correct details. The `—days` parameter specifies the certificate's validity period.
|
||
|
|
|
||
|
|
### Create `p12` Certificate
|
||
|
|
|
||
|
|
Combine the private key and the self-signed certificate to create a `.p12` certificate. Use the following command:
|
||
|
|
|
||
|
|
```bash
|
||
|
|
openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt
|
||
|
|
```
|
||
|
|
|
||
|
|
<Callout type="warning">
|
||
|
|
If you get the error "Error: Failed to get private key bags", add the `-legacy` flag to the command `openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt -legacy`.
|
||
|
|
|
||
|
|
</Callout>
|
||
|
|
|
||
|
|
### `p12` Certificate Password
|
||
|
|
|
||
|
|
When you create the `.p12` certificate, you will be prompted to enter a password. Enter a strong password and keep it secure. Remember this password, as it will be required when using the certificate.
|
||
|
|
|
||
|
|
Note that for local development, the password can be left empty.
|
||
|
|
|
||
|
|
### Add Certificate to the Project
|
||
|
|
|
||
|
|
Finally, add the certificate to the project. Place the `certificate.p12` file in the `/apps/web/resources` directory. If the directory doesn't exist, create it.
|
||
|
|
|
||
|
|
The final file path should be `/apps/web/resources/certificate.p12`.
|
||
|
|
|
||
|
|
</Steps>
|