Serving localhost with https

Janarthanan
Nov 6 · 1 min read

A penetration test found that we were serving a cookie without the Secure attribute, so I enabled the Secure flag on the cookie by adding the following to web.xml in my Java Spring backend.

<session-config>
  <cookie-config>
    <secure>true</secure>
  </cookie-config>
</session-config>

This forces your front-end code to work only over HTTPS, because the browser sends a Secure cookie only on HTTPS connections. We use webpack with Express.js to serve the Angular application locally.

Using SSL, you can generate the security certificate.

Create the config for the SSL certificate. Sample here

Now just run the sslGenerator.sh file through a shell. If you are on Windows, use Git Bash to run the shell command. It creates the SSL key like this.

Add this key and cert file to run your server.
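
Once the server is running over HTTPS, the web.xml change can be confirmed by checking that the Set-Cookie headers from the backend carry the Secure attribute. The script below is an added example, not code from the original post; the header values are constructed samples, and JSESSIONID is assumed as the session cookie name (the servlet default).

```javascript
// Added example: audit Set-Cookie header values for the Secure attribute.
// All header strings below are constructed samples, not captured traffic.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  const name = eq === -1 ? first : first.slice(0, eq);
  const value = eq === -1 ? '' : first.slice(eq + 1);
  const attrs = Object.create(null);
  for (const part of parts) {
    const i = part.indexOf('=');
    // Attribute names are case-insensitive, so normalise them to lower case.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// Return the names of cookies that are set without the Secure attribute.
// Only attributes after the first ';' count: a cookie whose *value* happens
// to be "secure" is still reported, which a plain substring search would miss.
function cookiesMissingSecure(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c.name && !('secure' in c.attrs))
    .map((c) => c.name);
}

// Constructed samples: the session cookie before and after the web.xml change.
const beforeFix = ['JSESSIONID=ABC123; Path=/app; HttpOnly'];
const afterFix = [
  'JSESSIONID=ABC123; Path=/app; Secure; HttpOnly',
  'theme=dark; Path=/', // hypothetical cookie set elsewhere, still not Secure
];

console.log('before fix:', cookiesMissingSecure(beforeFix));
console.log('after fix: ', cookiesMissingSecure(afterFix));
```

An empty result means every cookie in the response is marked Secure; any name that is listed is still sent over plain HTTP.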