Posted inUncategorized

Buat sertifikat SSL untuk mock capcut, multi domain ssl support

No Comments

1. Buat folder

mkdir ssl-capcut && cd ssl-capcut

2. Generate root CA (CA key + CA cert)

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/CN=Capcut Local CA"

3. Generate domain private key

openssl genrsa -out multi-domain.key 2048

4. Buat file config SAN (Subject Alternative Name)

Buat dan edit menjadi multi-domain.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = heycan-api-myb.capcutapi.com
DNS.2 = resource.capcutapi.com
DNS.3 = cdn-template.capcut.com
DNS.4 = api.capcut.com
DNS.5 = capcut.com
DNS.6 = capcutapi.com
DNS.7 = *.capcut.com
DNS.8 = *.capcutapi.com

5. Buat CSR (Certificate Signing Request)

openssl req -new -key multi-domain.key -out multi-domain.csr -subj "/CN=heycan-api-myb.capcutapi.com"

6. Sign CSR dengan root CA → hasilkan cert valid untuk domain

openssl x509 -req -in multi-domain.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out multi-domain.crt -days 825 -sha256 -extfile multi-domain.ext

Setelah ini, kamu akan punya:

multi-domain.key → Private key untuk HTTPS server

multi-domain.crt → Sertifikat publik untuk domain heycan-api-myb.capcutapi.com

rootCA.pem → Root CA yang nanti bisa kamu install ke sistem biar dipercaya

📦 Langkah 2: Pakai di Node.js Express
const https = require(“https”);
const express = require(“express”);
const fs = require(“fs”);
const path = require(“path”);

const app = express();
app.use(express.json());

const sslOptions = {
key: fs.readFileSync(“ssl-capcut/multi-domain.key”),
cert: fs.readFileSync(“ssl-capcut/multi-domain.crt”),
};

app.get(“/”, (req, res) => {
res.send(“✅ Mock Capcut HTTPS Server tanpa Fiddler”);
});

https.createServer(sslOptions, app).listen(443, () => {
console.log(“✅ Server HTTPS jalan di https://heycan-api-myb.capcutapi.com”);
});

📦 Langkah 3: Edit Hosts
Tambahkan ke file hosts:

127.0.0.1 heycan-api-myb.capcutapi.com

📦 Trust Root CA
Kalau CapCut masih menolak koneksi, bisa jadi karena dia tidak percaya pada sertifikat self-signed.

Cara mengatasinya:

Ubah nama rootCA.pem ke rootCA.crt dan pasang ke Trusted Root Certification Authorities di sistem

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *