
Is .cert folder with files supposed to be generated uniquely for each eav-project? #22

Open
emlunde opened this issue Jul 25, 2022 · 2 comments
Labels: question (Further information is requested)

emlunde (Contributor) commented Jul 25, 2022

Right now the .cert folder in the web application project's directory is copied from an existing project and is included as the same files from the Template project every time a new EAV project is created. It is my understanding that the current .cert documents are for local domains only, so I don't think this is an issue, but I have created this issue as I am not entirely sure.
This is a quote from the README in the .cert folder:

> # How to create an HTTPS certificate for localhost domains
>
> This focuses on generating the certificates for loading local virtual hosts hosted on your computer, for development only.

Are these files fine to be left as is, or is the developer supposed to generate the files for each project?

emlunde added the `question` (Further information is requested) label Jul 25, 2022
pksorensen (Contributor) commented Jul 25, 2022 via email

They are used when generating certs for local hostnames if not running on localhost and having an external portal etc., so on VandData we use this for `npm run run`, and I updated it in the project for docker commands and a pfx file for the launchsettings etc.

# How to create an HTTPS certificate for localhost domains

This focuses on generating the certificates for loading local virtual hosts hosted on your computer, for development only.


**Do not use self-signed certificates in production!**
For online certificates, use Let's Encrypt instead ([tutorial](https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8)).


## Certificate authority (CA)

Generate `RootCA.pem`, `RootCA.key` & `RootCA.crt`:

	openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA"
	openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

Or, without a local OpenSSL install, run the same two commands through the `alpine/openssl` Docker image (the current directory is mounted as `/apps`):

	docker run -ti --rm -v ${PWD}:/apps -w /apps alpine/openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA"
	docker run -ti --rm -v ${PWD}:/apps -w /apps alpine/openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

Note that `Example-Root-CA` is an example; you can customize the name. `RootCA.crt` is the same PEM certificate as `RootCA.pem`, just with the extension Windows associates with the certificate import dialog. `-nodes` leaves `RootCA.key` unencrypted, so keep it out of version control: anyone holding it can issue a certificate for any hostname that a machine trusting this root will accept.


## Domain name certificate

Let's say you have two domains `fake1.local` and `fake2.local` that are hosted on your local machine
for development (using the `hosts` file to point them to `127.0.0.1`).

First, create a file `domains.ext` that lists all your local domains:

	authorityKeyIdentifier=keyid,issuer
	basicConstraints=CA:FALSE
	keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
	subjectAltName = @alt_names
	[alt_names]
	DNS.1 = localhost
	DNS.2 = fake1.local
	DNS.3 = fake2.local

Generate `localhost.key`, `localhost.csr`, and `localhost.crt`:

	openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost"
	openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt

Or via Docker:

	docker run -ti --rm -v ${PWD}:/apps -w /apps alpine/openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost"
	docker run -ti --rm -v ${PWD}:/apps -w /apps alpine/openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt

For Kestrel, bundle the certificate, its key and the CA into `localhost.pfx`; the export password is read from a file named `password` in the current directory:

	docker run -ti --rm -v ${PWD}:/apps -w /apps alpine/openssl pkcs12 -export -in localhost.crt -inkey localhost.key -out localhost.pfx -certfile RootCA.pem -passout file:password

Note that the country / state / city / name in the first command can be customized. Browsers match the hostname against `subjectAltName` from `domains.ext`, not against the `CN`, so every local hostname must be listed there.

You can now configure your webserver, for example with Apache:

	SSLEngine on
	SSLCertificateFile "C:/example/localhost.crt"
	SSLCertificateKeyFile "C:/example/localhost.key"


## Trust the local CA

At this point, the site would load with a warning about self-signed certificates.
In order to get a green lock, your new local CA has to be added to the trusted Root Certificate Authorities.


### Windows 10: Chrome, IE11 & Edge

Windows 10 recognizes `.crt` files, so you can right-click on `RootCA.crt` > `Install` to open the import dialog.

Make sure to select "Trusted Root Certification Authorities" and confirm.

You should now get a green lock in Chrome, IE11 and Edge.


### Windows 10: Firefox

There are two ways to get the CA trusted in Firefox.

The simplest is to make Firefox use the Windows trusted Root CAs by going to `about:config`,
and setting `security.enterprise_roots.enabled` to `true`.

The other way is to import the certificate by going
to `about:preferences#privacy` > `Certificates` > `Import` > `RootCA.pem` > `Confirm for websites`.

and

    "environmentVariables": {
      "ASPNETCORE_ENVIRONMENT": "local",
      "ASPNETCORE_Kestrel__Certificates__Default__Path": "../../.cert/localhost.pfx",
      "ASPNETCORE_Kestrel__Certificates__Default__Password": "password"
    },

So I would like to make something with a parameter in template generation that specifies which hostname one wants to use locally and generates domains.txt and a gen.ps1 file to run the docker commands.
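The README's three steps (root CA, SAN leaf certificate, PFX) and the per-hostname generator proposed in the comment above, written out as one POSIX shell script. This is an added example for this page, not code from the issue, the EAV template or the quoted README. It assumes `openssl` is on PATH (prefix each call with the README's `docker run ... alpine/openssl` otherwise); the output directory, the hostnames and the `Local-Dev-Root-CA` name are placeholder arguments.

```shell
#!/bin/sh
# Added example for this issue: generate a per-project local CA, a leaf
# certificate whose SAN covers the given hostnames, and the PFX that the
# launchSettings snippet above points at, then check the result.
# Assumptions (not from the page): openssl is on PATH; OUTDIR, the hostnames
# and the "Local-Dev-Root-CA" name are placeholder values.
set -eu

# gen_local_certs OUTDIR HOST... : writes RootCA.{key,pem}, domains.ext,
# localhost.{key,csr,crt,pfx} and a password file into OUTDIR.
gen_local_certs() {
    outdir=$1; shift
    mkdir -p "$outdir"

    # 1. Root CA. -nodes leaves the key unencrypted (dev only), so lock it
    #    down: whoever holds RootCA.key can mint a certificate for any name
    #    that a browser trusting this root will accept.
    openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 \
        -keyout "$outdir/RootCA.key" -out "$outdir/RootCA.pem" \
        -subj "/C=US/CN=Local-Dev-Root-CA" 2>/dev/null
    chmod 600 "$outdir/RootCA.key"

    # 2. domains.ext: the README's extension file, with one DNS.n entry per
    #    requested hostname after the localhost entry.
    {
        printf 'authorityKeyIdentifier=keyid,issuer\n'
        printf 'basicConstraints=CA:FALSE\n'
        printf 'keyUsage = digitalSignature, keyEncipherment\n'
        printf 'extendedKeyUsage = serverAuth\n'
        printf 'subjectAltName = @alt_names\n'
        printf '[alt_names]\n'
        printf 'DNS.1 = localhost\n'
        n=2
        for h in "$@"; do
            printf 'DNS.%d = %s\n' "$n" "$h"
            n=$((n + 1))
        done
    } >"$outdir/domains.ext"

    # 3. Leaf key + CSR, signed by the CA with the SAN extensions applied.
    #    825 days keeps the leaf within the validity Apple platforms accept.
    openssl req -new -nodes -newkey rsa:2048 -keyout "$outdir/localhost.key" \
        -out "$outdir/localhost.csr" -subj "/O=Local-Dev/CN=localhost" 2>/dev/null
    openssl x509 -req -sha256 -days 825 -in "$outdir/localhost.csr" \
        -CA "$outdir/RootCA.pem" -CAkey "$outdir/RootCA.key" -CAcreateserial \
        -extfile "$outdir/domains.ext" -out "$outdir/localhost.crt" 2>/dev/null
    chmod 600 "$outdir/localhost.key"

    # 4. PFX for ASPNETCORE_Kestrel__Certificates__Default__Path. The export
    #    password is random and kept in a file, rather than the literal value
    #    in the launchSettings snippet above.
    if [ ! -f "$outdir/password" ]; then
        openssl rand -base64 18 | tr -d '\n' >"$outdir/password"
        chmod 600 "$outdir/password"
    fi
    openssl pkcs12 -export -in "$outdir/localhost.crt" -inkey "$outdir/localhost.key" \
        -certfile "$outdir/RootCA.pem" -out "$outdir/localhost.pfx" \
        -passout "file:$outdir/password"
}

# verify_local_cert OUTDIR HOST : succeeds only if localhost.crt chains to
# RootCA.pem and HOST appears as a DNS entry in its subjectAltName.
verify_local_cert() {
    outdir=$1; host=$2
    openssl verify -CAfile "$outdir/RootCA.pem" "$outdir/localhost.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$outdir/localhost.crt" -noout -text 2>/dev/null \
        | grep -qE "DNS:$host(,|\$)"
}

# Usage: sh gen-certs.sh .cert fake1.local fake2.local
if [ "${1-}" != "" ]; then
    gen_local_certs "$@"
    verify_local_cert "$1" localhost && echo "certificates written to $1"
fi
```

Because the root key is what every developer's browser ends up trusting once `RootCA.crt` is installed, the script mints a fresh CA per project instead of copying one from the template; `.cert/*.key`, `.cert/*.pfx`, `.cert/password` and `RootCA.srl` belong in `.gitignore`, and `ASPNETCORE_Kestrel__Certificates__Default__Password` should be set from the `password` file rather than committed in `launchSettings.json`. `verify_local_cert` is the check to run after generation: it fails both when the chain does not validate and when a hostname was left out of `domains.ext`, which is the usual cause of a browser warning that persists after the root has been trusted.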
