Skip to content

Latest commit

 

History

History
64 lines (47 loc) · 2.83 KB

https.md

File metadata and controls

64 lines (47 loc) · 2.83 KB
Raw

HTTPS Setup

HTTPS browser setup for production usage

All computers in VA already have this setup, if you are using a non-VA laptop for development you will need to trust the VA Root Certificate Authority (CA) in your browser(s).

Download certificates, right click "save as"

If you see a message from your browser like the following:

can't be downloaded securely

Click the "^" button and select "Keep."

OSX

  1. Open Keychain Access
  2. Go to Certificates (under Category in left sidebar)
  3. Select "System" under Keychains (in sidebar)
  4. Select "Import Items..." from File menu. (Shift-Command-I)
  5. Select the two .cer files above.
  6. They should now appear in your list of certificates
  7. For each certificate: 1) File > Get info 2) Under Trust > When using this certificate, select "Always Trust". 3) Close the Get info window, which will prompt a password save.
  8. You may need to restart your browser.

Linux

Chrome

  1. Go to chrome://settings/certificates?search=https
  2. Click "Authorities"
  3. Click "Import" and select VA-Internal-S2-RCA1-v1.cer file downloaded above

Firefox

  1. Go to about:preferences#privacy, scroll to bottom
  2. Click "View Certificates"
  3. Click "Authorities" tab
  4. Click "Import"
  5. Import both files downloaded above

Windows

Chrome

  1. Open settings
  2. Click "Privacy and Security" in the left sidebar
  3. Click "Security" in the main section
  4. Scroll down and click on "Manage certificates" under the Advanced section
  5. Under the "Intermediate Certificate Authorities", click "Import" and select VA-Internal-S2-ICA1-v1.cer downloaded above
  6. Under the "Root Certificate Authorities", click "Import" and select VA-Internal-S2-RCA1-v1.cer downloaded above
  7. You may need to restart your browser (all windows) or your machine in order to for these certs to become active.

HTTPS testing (locally/Lando)

You can't test with the VA cert locally using Lando but you can use Lando's self-signed cert. If you need to test the actual cert locally contact the DevOps team to help you setup the vagrant build system to get HTTPS working with VA CA.

To test with Lando's self-signed cert you need to tell your system to trust the Lando Certificate Authority. Instructions are here > https://docs.devwithlando.io/config/security.html

TODO, create upstream PR with sudo trust anchor --store ~/.lando/certs/lndo.site.pem for Arch Linux

Note: I had to still import that same CA into Chrome. Go to chrome://settings/certificates?search=https Click "Authorities" Import .lando\certs\lndo.site.pem

If you're using ddev, run mkcert -install and restart your browser.