@billhance
Last active May 1, 2019 04:13
Enable HTTPS on Localhost (MacOS)

Enable HTTPS on Localhost (MacOS)

Create Root Certificate and CA

$ cd ~/.ssh
$ openssl genrsa -des3 -out rootCA.key 2048
# Choose any number of days. I chose 10000 to make it far in the future.
$ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 10000 -out rootCA.pem

Enter pass phrase for rootCA.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:CA
Locality Name (eg, city) []:Los Angeles
Organization Name (eg, company) []:localhost
Organizational Unit Name (eg, section) []:localhost
Common Name (eg, fully qualified host name) []:localhost
Email Address []:dev@localhost.test

Add To Keychain

  1. Open Keychain Access.
  2. Select "System".
  3. Select "Certificates".
  4. Drag rootCA.pem into the window. It will prompt you for your password.
  5. Double-click "localhost" (the Common Name entered for the root certificate above).
  6. Select "Always Trust" from the dropdown, then close the window. (It will prompt you for your password again.)

Create csr info

  1. Create a file in ~/.ssh called localhost.csr.cnf and paste the following contents into the file:
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=CA
L=Los Angeles
O=localhost
OU=localhost
emailAddress=dev@localhost.test
CN = localhost
  2. Create a file called localhost.ext and paste the following into the file:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost

Create the cert to be used by your web server

$ openssl req -new -sha256 -nodes -out localhost.csr -newkey rsa:2048 -keyout localhost.key -config <( cat localhost.csr.cnf )
$ openssl x509 -req -in localhost.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out localhost.crt -days 10000 -sha256 -extfile localhost.ext
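
Before copying the files anywhere, it is worth confirming that the certificate really chains to the root CA, carries the DNS:localhost subjectAltName, is marked CA:FALSE, and matches its private key. The script below is an added example, not part of the original gist; the function names check_leaf, make_demo_pki and demo are hypothetical, and the demo builds a throwaway CA without pass phrases in a temporary directory so it runs without prompts.

```shell
#!/bin/sh
# Added example: sanity checks for a locally signed server certificate.
# Real use: check_leaf ~/.ssh/rootCA.pem ~/.ssh/localhost.crt ~/.ssh/localhost.key localhost

# check_leaf CA_PEM CERT KEY HOST: returns 0 only if every check passes.
check_leaf() {
  ca=$1; crt=$2; key=$3; host=$4
  # 1. The certificate must verify against the local root CA.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL: $crt does not chain to $ca"; return 1; }
  text=$(openssl x509 -in "$crt" -noout -text) || return 1
  # 2. Browsers match the hostname against subjectAltName, not the CN.
  printf '%s\n' "$text" | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
    grep -Fxq "DNS:$host" || { echo "FAIL: no SAN entry DNS:$host"; return 1; }
  # 3. A server certificate must not be usable as a CA.
  printf '%s\n' "$text" | grep -q 'CA:FALSE' ||
    { echo "FAIL: basicConstraints is not CA:FALSE"; return 1; }
  # 4. The private key must belong to the certificate (compare public keys).
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] ||
    { echo "FAIL: $key does not match $crt"; return 1; }
  echo "OK: $crt is valid for $host"
}

# make_demo_pki DIR: constructed sample input. Builds a throwaway CA and leaf
# without pass phrases, using shortened versions of the config files above.
make_demo_pki() {
  ( cd "$1" &&
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\nprompt=no\n[dn]\nCN=Throwaway Root CA\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >ca.cnf &&
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=@alt_names\n[alt_names]\nDNS.1=localhost\n' >localhost.ext &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout rootCA.key -out rootCA.pem \
      -days 1 -sha256 -config ca.cnf &&
    openssl req -new -newkey rsa:2048 -nodes -keyout localhost.key -out localhost.csr \
      -subj "/CN=localhost" -config ca.cnf &&
    openssl x509 -req -in localhost.csr -CA rootCA.pem -CAkey rootCA.key \
      -CAcreateserial -out localhost.crt -days 1 -sha256 -extfile localhost.ext
  ) >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 0
  if make_demo_pki "$d"; then
    check_leaf "$d/rootCA.pem" "$d/localhost.crt" "$d/localhost.key" localhost || true
    # A name that is not in the SAN must be rejected.
    check_leaf "$d/rootCA.pem" "$d/localhost.crt" "$d/localhost.key" example.test || true
  fi
  rm -rf "$d"
}
demo
```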

Copy files to web server

  1. Copy localhost.crt and localhost.key to the web server.

Enable in Browsers

Chrome

  1. In Chrome, go to chrome://flags/
  2. Search for "allow-insecure-localhost" and enable it
  3. Restart the browser

Firefox

  1. In Firefox, go to about:config
  2. Search for security.enterprise_roots.enabled and change it to true
