Category: DevOps

Creating developer certificates and starting Angular 4 for SSL on Windows

If you’re a developer on Windows or a.Net developer getting to grips with Angular the steps outlined will create the various certificates and get local Angular 4 running under SSL.

The main steps are as follows and you will need to have installed makecert.exe and openSSL. For us Windows users the easiest way to get OpenSSL is to use one of the binaries installer listed here

  1. Create a Developer Root CA
  2. Install the Root CA certificate into your local certificate store
  3. Generate the developer localhost SSL certificates suitable for Angular 4
  4. Run Angular project using the developer localhost SSL certificate

Create a Developer Root CA Certificate

Create a folder to work in. Then open a command or PowerShell console and navigate to this folder.

You can either use makecert.exe, which I find the simplest,  or openSSL to generate a certificate

makecert.exe -r -n "CN=DevRoot" -pe -sv DevRoot.pvk -a MD5 -len 2048 -b 01/21/2010 -e 01/21/2030 -cy authority DevRoot.cer

You will be asked to provide a password to protect the private key and two files will be created. A private key file .PVK and a Microsoft format certificate .CER

If you want to use openSSL then you can follow the instructions here


Install and trust the Root CA Certificate

In order for the browsers to trust the SSL certificate we will make in the next we need to install the Root CA Certificate we have just created into our ‘trusted Root Certificate’ store.

  1. Right-click on the CER file and select ‘Install Certificate’
  2. Select User
  3. Select the Trusted Root Certificate Authorities
  4. Click Next and Finish

All developers in you team should do this.

Generate the developer localhost SSL certificates

You can do this using makecert.exe or openSSL. You will be using the Root CA private key and certificate you created in step 1.

makecert.exe -iv DevRoot.pvk -ic DevRoot.cer -n "CN=localhost" -pe -sv dev.web.local.pvk -a MD5 -len 2048 -b 01/21/2010 -e 01/21/2020 -sky exchange dev.web.local.cer -eku

You will be prompted to enter the RootCA private key password and also to set a password for the SSL certificate private key. I chose not to set one for the new key as I could not find how to specify this later using the Angular CLI. You will now have a PVK and CER files for the SSL, but Angular CLI needs a PEM and a CRT files. Use the following command to generate the convert both files to compatible formats.

REM Convert CER to CRT openssl x509 -inform DER -in web.local.cer -out web.local.crt REM Convert PVK to PEM openssl rsa -inform pvk -in web.local.pvk -outform pem -out web.local.pem

Run Angular project with Developer SSL Certificates

Copy the PEM and CRT files to the root of your Angular 4 project.

The following Angular  4 CLI command can be used to run the project using the Developer SSL private key and certificate.

ng serve --ssl --ssl-key "web.local.pem" --ssl-cert "web.local.crt"

add a -o to open your browser too!

Additional useful command if you need a PFX file for anything

You will need to locate a copy of pvk2pfx.exe.

REM Make PFX pvk2pfx.exe -pvk web.local.pvk -spc web.local.cer -pfx web.local.pfx

Azure Active Directory – How to give a Registered Application an AD Directory Administrative Role

By default a ‘Registered Application’ account is not a member of any Directory Roles and/or group memberships and there is no easy way to make these changes using the portal. You may have an API or back-end application that will be required to perform actions on your AD that requires elevated permissions (e.g. Reset passwords or delete accounts etc..)

Normally for advanced configuration, you will need to start editing the manifest file. Luckily this has been made easy using the Portal. You can now edit the file directly, or download, make changes and then upload.

However, to make a ‘Registered Application’ a member of a ‘Directory Administrative Role’ you need to use PowerShell to add the role member to the ‘Service Principal’ (as I couldn’t find a way to do this in the manifest!).

Continue reading “Azure Active Directory – How to give a Registered Application an AD Directory Administrative Role”

Let’s Encrypt Extension for Azure App Services

Let’s Encrypt Extension for Azure App Services

Thanks to Simon J.K. Pedersen ( there is now a reasonably easy way to get auto-updating “Let’s Encrypt” SSL certificates in you Azure App Services using the “Azure Let’s Encrypt” Extension (

There are some very comprehensive install and setup steps here

Continue reading “Let’s Encrypt Extension for Azure App Services”

How to delete an Azure Active Directory (ADD) Tenant

You may have discovered that deleting an Azure Active Directory is a particularly frustrating experience that ultimately ends in failure. The new portal have improved things a bit, by running through a series of check before the delete button is enabled.

You may need to go back to the Classic portal ( to see some of the objects/resources to delete.

However, although this will help you remove ‘most’ of what you need to, unfortunately NOT all!

In this case I got a “Unable to delete directory

Continue reading “How to delete an Azure Active Directory (ADD) Tenant”

How to add Open Source License to your GitHub repository

When you first create a new repository in GitHub, you get a very handy drop down of Open Source Licenses options to add. This is really useful and saves you trying to find the standard copy somewhere.

If you don’t choose one when you create the repo, then there is a sneaky way to get that drop down back and easily add a standard license file later. Continue reading “How to add Open Source License to your GitHub repository”