@Jamiewarb
Last active May 10, 2018 13:25
Generate SSL Cert and Self Sign for Apache VHost
# Here we generate an SSL cert for zuma.local, add it to keychain and trust it.
# https://support.citrix.com/article/CTX135602
# Steps:
# 1. Create a .cnf file for the config of our certificate.
# This is required to get the subjectAltName field, which Firefox and Chrome
# require before they will trust our cert.
# 2. Generate a key and a cert file using openssl
# 3. Add the cert to your ssl vhost (e.g. port :443)
# 4. Add the cert to your macOS Keychain, and set it to Always Trust
# Create a plain text file with the below data in it. Call it openssl-hex.cnf
vim ~/etc/ssl/openssl-hex.cnf
# openssl-hex.cnf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = UK
ST = England
L = London
O = Hex Digital
OU = Development
CN = zuma.local
[v3_req]
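# digitalSignature is needed for ECDHE and TLS 1.3 handshakes, where the RSA key signs instead of decrypting
keyUsage = digitalSignature, keyEncipherment, dataEncipherment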
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = zuma.local
# Then in terminal, paste the following, specifying the path to openssl-hex.cnf as the -config option
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout zuma.key -out zuma.crt -config ~/etc/ssl/openssl-hex.cnf
# Now add the cert and key to the SSL vhost section of the Apache config
vim /usr/local/etc/httpd/extra/httpd-ssl.conf
# Now navigate to the URL in Chrome, click "Not Secure" in the address bar, and view the cert
# Drag the cert to the desktop
# Open Keychain Access, go to the login keychain, and select the Certificates category
# Drag the cert in here
# Double click it, click Trust, and select Always Trust.
# Restart Apache.
# Done!
# Optionally you can add a redirect in httpd-vhosts.conf to redirect http to https
# The trailing slash matters: Redirect appends the rest of the request path to the target
<VirtualHost *:80>
Redirect / https://zuma.local/
ServerAdmin webmaster@localhost
...
</VirtualHost>
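# Added example (not part of the original gist): a check to run on the files from step 2
# before they go into the vhost and the keychain. The function name check_cert and the
# script name check_cert.sh are made up for this example; it matches SAN entries exactly.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a cert/key pair before installing it.
# Usage: check_cert CERT KEY HOSTNAME   (returns 0 only if every check passes)
check_cert() {
  cert=$1; key=$2; host=$3
  text=$(openssl x509 -in "$cert" -noout -text) ||
    { echo "FAIL: cannot parse $cert"; return 1; }

  # 1. Hostname must be listed in subjectAltName (the field the gist says
  #    Firefox and Chrome need). Exact match only; wildcards are not expanded.
  printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$host" ||
    { echo "FAIL: $host not in subjectAltName"; return 1; }

  # 2. extendedKeyUsage must allow use as a TLS server certificate.
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
    { echo "FAIL: serverAuth missing from extendedKeyUsage"; return 1; }

  # 3. The private key must belong to this certificate: compare public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "FAIL: cannot read key $key"; return 1; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: $key does not match $cert"; return 1; }

  # 4. Certificate must not already be expired (-days 365 runs out quietly).
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
    { echo "FAIL: $cert has expired"; return 1; }

  echo "OK: $cert is usable for https://$host"
}

# Run directly: ./check_cert.sh zuma.crt zuma.key zuma.local
if [ "$#" -eq 3 ]; then check_cert "$@"; fi
```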