Generate SSL Cert and Self Sign for Apache VHost
# Here we generate an SSL cert for zuma.local, add it to the keychain and trust it.
# https://support.citrix.com/article/CTX135602

# Steps:
# 1. Create a .cnf file for the config of our certificate.
#    This is required to get the subjectAltName field, which Firefox and Chrome
#    require to trust our cert.
# 2. Generate a key and a cert file using openssl
# 3. Add the cert to your ssl vhost (e.g. port :443)
# 4. Add the cert to your macOS Keychain, and set it to Always Trust

# Create a plain text file with the below data in it. Call it openssl-hex.cnf
vim ~/etc/ssl/openssl-hex.cnf

# openssl-hex.cnf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = UK
ST = England
L = London
O = Hex Digital
OU = Development
CN = zuma.local

[v3_req]
# digitalSignature is needed for ECDHE key exchange and TLS 1.3;
# keyEncipherment alone only covers RSA key transport.
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = zuma.local

# Then in terminal, paste the following, specifying the path to openssl-hex.cnf as the -config option
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout zuma.key -out zuma.crt -config ~/etc/ssl/openssl-hex.cnf

# Now add the cert to the vhost section of the Apache config
vim /usr/local/etc/httpd/extra/httpd-ssl.conf

# Now navigate to the URL in Chrome, click "Not Secure" in the address bar, and view the cert
# Drag the cert to the desktop
# Open Keychain, go to the login keychain, and the Certificates category
# Drag the cert in here
# Double click it, click Trust, and set it to Always Trust.
# Restart Apache.
# Done!

# Optionally you can add a redirect in httpd-vhosts.conf to redirect http to https
# (the trailing slash on the target keeps /path from being appended straight onto the hostname)
<VirtualHost *:80>
    Redirect / https://zuma.local/
    ServerAdmin webmaster@localhost
    ...
</VirtualHost>
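
A pre-flight check for the output of step 2, before the pair goes into the vhost and the Keychain. This is an added example, not part of the original gist: it confirms that the cert carries the expected subjectAltName, that the key belongs to the cert, and that the cert is not about to expire. The function names and the throwaway demo config are this example's own assumptions.

```shell
# Added example (not from the gist); all function names here are hypothetical.
# Usage against the gist's output: check_cert zuma.crt zuma.key zuma.local

# Succeeds only if <cert> lists <host> as a DNS subjectAltName.
cert_has_san() {  # cert_has_san <cert> <host>
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# Succeeds only if <key> is the private key for <cert> (identical public keys).
cert_matches_key() {  # cert_matches_key <cert> <key>
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if <cert> is still valid <days> from now.
cert_valid_for() {  # cert_valid_for <cert> <days>
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Returns 0 if the pair is usable for <host>, or 1/2/3 for the check that failed.
check_cert() {  # check_cert <cert> <key> <host>
  cert_has_san "$1" "$3"     || { echo "FAIL: no SAN DNS:$3" >&2; return 1; }
  cert_matches_key "$1" "$2" || { echo "FAIL: key does not match cert" >&2; return 2; }
  cert_valid_for "$1" 1      || { echo "FAIL: expires within a day" >&2; return 3; }
  echo "OK: $1 is usable for $3"
}

# Constructed demo input: a throwaway pair built the same way as in the gist,
# written to <dir> so the checks can be tried without touching real files.
make_demo_pair() {  # make_demo_pair <dir> <host>
  cat > "$1/demo.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $2
[v3_req]
subjectAltName = DNS:$2
EOF
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$1/demo.key" -out "$1/demo.crt" -config "$1/demo.cnf" 2>/dev/null
}
```

A non-zero return from `check_cert` identifies which property failed, which helps when the browser still shows a warning after the cert has been trusted.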