kylemcdonald/ssl-mac.md

Last active Jan 22, 2021
Set up SSL server on Mac.

Update: Use mkcert instead

Based on this tutorial.

First set your location:

export COUNTRY="US"
export STATE="California"
export CITY="Los Angeles"

Then run the following:

mkdir -p ~/.https-server && cd ~/.https-server
cat > $(hostname).cnf <<-EOF
[ req ]
distinguished_name  = req_distinguished_name
x509_extensions     = root_ca

[ req_distinguished_name ]
countryName             = $COUNTRY
countryName_min         = 2
countryName_max         = 2
stateOrProvinceName     = $STATE
localityName            = $CITY
0.organizationName      = $(whoami)
organizationalUnitName  = $(whoami)
commonName              = $(hostname).local
commonName_max          = 64
emailAddress            = $(whoami)@$(hostname).local
emailAddress_max        = 64

[ root_ca ]
basicConstraints            = critical, CA:true
EOF
cat > $(hostname).ext <<-EOF
subjectAltName = @alt_names
extendedKeyUsage = serverAuth

[alt_names]
DNS.1   = localhost
DNS.2   = $(hostname).local
EOF
openssl req \
  -x509 \
  -newkey rsa:2048 \
  -out $(hostname)-CA.cer \
  -outform PEM \
  -keyout $(hostname)-CA.pvk \
  -days 10000 \
  -verbose \
  -config $(hostname).cnf \
  -nodes \
  -sha256 \
  -subj "/CN=$(hostname)-CA"
openssl req \
  -newkey rsa:2048 \
  -keyout localhost.pvk \
  -out localhost.req \
  -subj /CN=localhost \
  -sha256 \
  -nodes
openssl x509 \
  -req -CA $(hostname)-CA.cer \
  -CAkey $(hostname)-CA.pvk \
  -in localhost.req \
  -out localhost.cer \
  -days 10000 \
  -extfile $(hostname).ext \
  -sha256 \
  -set_serial 0x1111
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $(hostname)-CA.cer

Then, when you want to serve your current directory, run the following commands to install an HTTP server:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" # install homebrew (the older ruby-based installer is deprecated)
brew install http-server

Then start the server:

http-server -S \
  -C ~/.https-server/localhost.cer \
  -K ~/.https-server/localhost.pvk

Alternatively, add it to your ~/.bashrc or ~/.zshrc:

echo 'alias https="http-server -S -C ~/.https-server/localhost.cer -K ~/.https-server/localhost.pvk -a $(hostname).local"' >> ~/.bashrc

Note that you need to access the page via https://localhost:8080/ or https://{your hostname}.local:8080/. If you try to use your IP address it may not work, because the certificate's subjectAltName lists only those two DNS names.
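An added check, not part of the original gist: the function below audits the leaf certificate and key produced by the steps above for what browsers on macOS enforce (chain to the trusted CA, subjectAltName, serverAuth, validity length) and for a matching private key that is not readable by other users. The names `check_leaf` and `check_leaf.sh` are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): audit the leaf certificate created above.
# Usage: check_leaf CA_CERT LEAF_CERT LEAF_KEY HOSTNAME
# Prints one line per finding and returns the number of problems found.
check_leaf() {
  ca="$1"; leaf="$2"; key="$3"; host="$4"; problems=0
  fail() { echo "FAIL $1"; problems=$((problems + 1)); }
  text="$(openssl x509 -in "$leaf" -noout -text)" || return 99

  # 1. The leaf must chain to the CA that was added to the keychain.
  openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1 \
    || fail "chain: $leaf does not verify against $ca"

  # 2. Browsers match the hostname against subjectAltName, not the CN.
  printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$host" \
    || fail "san: no DNS:$host entry"

  # 3. extendedKeyUsage must include serverAuth.
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' \
    || fail "eku: serverAuth missing"

  # 4. macOS 10.15+ and iOS 13+ require TLS server certificates issued after
  #    1 July 2019 to be valid for 825 days or fewer. A certificate that is
  #    still valid 825 days from now necessarily exceeds that limit.
  if openssl x509 -in "$leaf" -noout -checkend $((825 * 86400)) >/dev/null; then
    fail "validity: longer than 825 days"
  fi

  # 5. The key file must belong to this certificate ...
  [ "$(openssl x509 -in "$leaf" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
    || fail "key: $key does not match $leaf"

  # 6. ... and, being unencrypted (-nodes), must not be group/world readable.
  [ -z "$(find "$key" -prune \( -perm -040 -o -perm -004 \) -print)" ] \
    || fail "perms: $key is readable by group or others"

  return "$problems"
}

# Run the audit when called with four arguments, e.g. from ~/.https-server:
#   ./check_leaf.sh "$(hostname)-CA.cer" localhost.cer localhost.pvk localhost
if [ "$#" -eq 4 ]; then check_leaf "$@"; fi
```

Run against the files generated above, it reports the validity finding, since the leaf is issued with `-days 10000`; reissuing the leaf with `-days 825` or fewer clears it.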
