Developing with SSL
Nothing is more noble, nothing more venerable than fidelity. Faithfulness and truth are the most sacred excellences and endowments of the human mind.Marcus Tullius Cicero
At Leaping Gorilla we like to make our development environments reflect Production as closely as possible in order to minimise nasty surprises. To this end we develop against local IIS rather than the Visual Studio inbuilt server or IIS Express.
First port of call is the setup. We run a local install of IIS with a site created with a dev prefix (like dev.www.leapinggorilla.com). We set the site to answer to port 80 and add a host entry to redirect the URL to 127.0.0.1. We ensure that the Visual Studio project is configured to use IIS and pass it the expected URL.
Setting up Port 443
Supporting SSL for development means generating a self signed certificate. We also want to ensure that the certificate we create is trusted by our local machines - this will stop any invalid certificate errors when we access a site protected by SSL. To do this we use makecert which is included in the .Net framework. We create a batch file for certificate generation to make bringing a new dev machine up to speed faster and less painful.
# This batch file must be run as an administrator makecert -n "CN=Your Company Dev Root CA,O=Your Company,OU=Development,L=,S=,C=UK" -pe -ss Root -sr LocalMachine -sky exchange -m 120 -a sha1 -len 2048 -r makecert -n "CN=dev.www.yoursite.com" -pe -ss My -sr LocalMachine -sky exchange -m 120 -in "Your Company Dev Root" -is Root -ir LocalMachine -a sha1 -eku 220.127.116.11.18.104.22.168.1 makecert -n "CN=dev.api.yoursite.com" -pe -ss My -sr LocalMachine -sky exchange -m 120 -in "Your Company Dev Root" -is Root -ir LocalMachine -a sha1 -eku 22.214.171.124.126.96.36.199.1
If you're wondering what those magic numbers do they're Object Identifiers. These are magic numbers that denote special tasks that the certificate made by makecert can be used for. Take a look at the documentation for more details.
With the certs created and installed on the local machine we configure IIS to bind port 443 using them. With that, we're done! Another machine ready to develop using SSL "Just like the real world".
Find this post useful? Follow us on Twitter