Secure HTTP (HTTPS) with the Local Server
The gulp local
command starts two instances of the local server at the following URLs:
-
http://localhost:7777
-
https://localhost:7778
The instance running at port 7778 provides a secure domain using HTTPS. This enables you to test the application using secure domains. However, before using secure domains on the local server, you must perform the following:
Task |
Follow These Instructions |
---|---|
Generate the required SSL certificates and private keys. |
|
Configure the |
|
Install the certificates on your system. |
|
Modify the |
|
Modify the root URL in the application’s local.ssp file: |
|
Access the local server using a secure URL. |
Generate SSL Certificates and Private Keys
To access a secure domain via HTTPS when running the local server, you must use an SSL certificate and a private key. Since the local server is intended for testing and not a production environment, you can create a self-signed certificate locally and do not need to use a third-party certificate provider.
To generate an SSL Certificate and a Private Key
-
Download and Install OpenSSL.
-
Generate an RSA private key.
-
Run the following command:
openssl genrsa -des3 -out ca.key 1024
-
Enter and confirm a password for the certificate.
You will use this password in the remaining procedures for creating a certificate and private key.
This command outputs the RSA private key in a file called
ca.key
. -
-
Create a new SSL certificate.
-
Run the following command:
openssl req -new -sha256 -key ca.key -out ca.csr
This command uses the RSA private key created in the previous step.
-
Accept the default value for the
localhost
field. The other fields are not required to create the certificate used by the local server when running HTTPS.
This command outputs the SSL certificate in a file called
ca.csr
. -
-
Create a self-signed certificate:
openssl x509 -req -days 3600 -in ca.csr -out ca.crt -signkey ca.key
If you are prompted to enter a password, use the password you entered when generating the RSA key.
-
Create a server key:
openssl genrsa -des3 -out server.key 1024
This command outputs the server private key to a file called
server.key
. -
Create a certificate signing request (CSR):
openssl req -new -sha256 -key server.key -out server.csr
This command outputs the CSR to a file called
server.csr
. -
Remove the password from the server certificate.
This step is optional. If you encounter problems with the password, you can remove it from the certificate.
-
Copy the
server.key
file toserver.key.org
. -
Run the following command to generate a new
server.key
file that has no password:openssl rsa -in server.key.org -out server.key
This command creates a new private key called
server.key
. The local server uses this file when creating a secure domain. Therefore, you should move it to a permanent location.
-
-
Create a self-signed server certificate:
openssl x509 -req -sha256 -days 3600 -in server.csr -signkey server.key -out server.crt
This command creates a new server certificate called
server.crt
. The local server uses this file when creating a secure domain. Therefore, you should move it to a permanent location.
Configure the KEYPEM and CERTPEM Environment Variables
After generating a server certificate and private key, you must define environment variables that point to these files.
Using the method for setting environment variables for your operating system, create the following:
You must set these environment variables before running the local server.
|
|
|
|
On Windows, for example, you can set these environment variables as in the following example:
set KEYPEM=c:\OpenSSL-Win64\server.key
set CERTPEM=c:\OpenSSL-Win64\server.crt
Install the Generated Certificates
After generating the SSL and server certificates, you must enable them to work with your web browser. On Windows, you can use the Certificate Import Wizard.
To install generated certificates:
-
Run the
server.crt
file you generated using OpenSSL. -
Click Install Certificate.
-
Click Next.
-
Choose Place all certificates in the following store, then click Browse.
-
Choose Trusted Root Certification Authorities, then click OK.
-
Click Next.
-
Verify that your settings are correct, then click Finish.
-
Click Yes to verify that you want to install the certificate on your system.
After installing the server certificate, you should repeat these procedures to install the ca.crt
file generated in a previous step.
Modify the distro.json File
To access a secure domain on the local sever, you must ensure that the https
object exists in the local
object of taskConfig
. After adding the https
object, add an entry for the HTTPS port, certificate and key.
Your distro.json
file should look similar to the following:
"tasksConfig": {
"local": {
"http": {
"port": 7777
},
"lessSourcemap": false,
"jsRequire": true,
"https": {
"port": 7778,
"key": "KEYPEM",
"cert": "CERTPEM"
}
},
...
You must set the key
and cert
properties as shown above. The local server uses these values to determine the environment variables used to local the certificate and key required to use HTTPS.
Modify the Root URL of the SSP Application
To use HTTPS with the local server, you must change the value of the ROOT
variable in the SSP application.
To modify the root URL of the SSP application:
-
Open the application’s
index-local.ssp
file.This file is located in
<SCA_Source_Root>
. For example, theindex-local.ssp
file for the Shopping application resides in this directory:/Modules/suitecommerce/ShoppingApplication@x.y.z/Internal
Note:For SCA 2019.2 and later releases,
index-local.ssp
files reside in the SCA Modules stored in the Advanced directory. For example:/Advanced/ShoppingApplication/Internals
-
Change the value of the
ROOT
variable:var ROOT = 'https://localhost:7778/'
-
Compile and deploy the application using the following command:
gulp deploy
Because this procedure changes a backend file, you must deploy the files to NetSuite. In the process of compiling the application, this command creates the
local.ssp
file based on theindex-local.ssp
file that you modified in the preceding steps.
Access the Local Server Using a Secure URL
To access the local server using the local server, you must use the URL of your secure domain.
To access the local server using a secure domain:
-
Run the following command:
gulp local
-
Access the secure domain of the local server using a URL of the following form:
https://mysite.com/c.<account_id>/<SSP_application>/shopping-local.ssp
For example, your URL should look similar to the following to access the Shopping application:
https://mysite.com/c.123456/sca-dev-montblanc/shopping-local.ssp