Setup CA-enabled SSL for Dart
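import 'dart:io';

// host and sslPort are expected to be defined by the surrounding server code
void enableSSL() {
  // the password used for the certutil db (the one chosen at `certutil -N`)
  var sslPassword = "";
  // the certificate subject
  // retrieved from certutil with command
  // > certutil -d sql:. -L -n my_domain
  // and look for the "Subject: " line under certificate data
  var certificateName = "CN=mydomain.com,OU=...";
  // init: point the TLS library at the certutil database in the current directory
  SecureSocket.initialize(database: ".", password: sslPassword);
  // bind: the server certificate is looked up in the database by its subject
  HttpServer.bindSecure(host, sslPort, certificateName: certificateName).then((server) {
    // ...
  });
}
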
# generate a new private key and a certificate signing request (CSR)
openssl req -out my_domain.csr -new -newkey rsa:2048 -nodes -keyout my_domain.key
# send the CSR to the SSL provider to issue a certificate
# files received from SSL provider:
# - AddTrustExternalCARoot.crt
# - COMODORSAAddTrustCA.crt
# - COMODORSADomainValidationSecureServerCA.crt
# - my_domain.crt
# create a new database
certutil -d sql:. -N
# add the root certificate (from SSL provider)
certutil -d sql:./ -A -t "C,," -n AddTrustExternalCARoot -i AddTrustExternalCARoot.crt
# add intermediate certificates (from SSL provider)
certutil -d sql:./ -A -t ",," -n COMODORSAAddTrustCA -i COMODORSAAddTrustCA.crt
certutil -d sql:./ -A -t ",," -n COMODORSADomainValidationSecureServerCA -i COMODORSADomainValidationSecureServerCA.crt
# add my domain certificate (from SSL provider)
certutil -d sql:./ -A -t "P,," -n my_domain -i my_domain.crt
# with this config, the server (it's a primitive Dart server) gives this error:
# > Cannot find private key for certificate
# convert the private key to a pkcs12 key (thanks to Eric Darchis, http://stackoverflow.com/a/27176982/749521)
openssl pkcs12 -export -out my_domain.p12 -inkey my_domain.key -in my_domain.crt -certfile COMODORSADomainValidationSecureServerCA.crt
# add the key to the database
pk12util -i my_domain.p12 -d sql:.
# put the 2 .db files into the bin/ folder of the Dart server project
# celebrate
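
A pre-flight check that can be run before the `openssl pkcs12 -export` step, as an added example that is not part of the original gist: it confirms that the issued certificate belongs to the private key generated earlier, that the certificate has not expired, and that the unencrypted key file (created with `-nodes`) is not readable by other users. The function names are hypothetical; only standard `openssl` subcommands are used.

```bash
#!/usr/bin/env bash
# Added example, not part of the gist. Function names are hypothetical.
# Usage: ./preflight.sh my_domain.crt my_domain.key

# 0 if the certificate's public key is the one derived from the private key.
cert_matches_key() {
    local cert="$1" key="$2" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the key file grants nothing to group or others. The key was created
# with -nodes, so file permissions are its only protection on disk.
key_is_private() {
    local perms
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# 0 if the certificate is still valid $2 seconds from now (default: right now).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Run all checks, report every failure, return non-zero if any failed.
preflight() {
    local cert="$1" key="$2" rc=0
    key_is_private "$key" \
        || { echo "FAIL: $key is accessible to group/others (chmod 600)" >&2; rc=1; }
    cert_matches_key "$cert" "$key" \
        || { echo "FAIL: $cert does not match $key" >&2; rc=1; }
    cert_valid_for "$cert" 0 \
        || { echo "FAIL: $cert has expired or is unreadable" >&2; rc=1; }
    return "$rc"
}

# Only run when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    preflight "$1" "$2"
fi
```

A certificate/key mismatch caught here would otherwise surface only later, when the PKCS#12 bundle is built or imported.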