Update: Use mkcert instead
Based on this tutorial.
First set your location:
export COUNTRY="US"
export STATE="California"
export CITY="Los Angeles"
Then run the following:
mkdir -p ~/.https-server && cd ~/.https-server
cat > $(hostname).cnf <<-EOF
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = root_ca
[ req_distinguished_name ]
countryName = $COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = $STATE
localityName = $CITY
0.organizationName = $(whoami)
organizationalUnitName = $(whoami)
commonName = $(hostname).local
commonName_max = 64
emailAddress = $(whoami)@$(hostname).local
emailAddress_max = 64
[ root_ca ]
basicConstraints = critical, CA:true
EOF
cat > $(hostname).ext <<-EOF
subjectAltName = @alt_names
extendedKeyUsage = serverAuth
[alt_names]
DNS.1 = localhost
DNS.2 = $(hostname).local
EOF
openssl req \
-x509 \
-newkey rsa:2048 \
-out $(hostname)-CA.cer \
-outform PEM \
-keyout $(hostname)-CA.pvk \
-days 10000 \
-verbose \
-config $(hostname).cnf \
-nodes \
-sha256 \
-subj "/CN=$(hostname)-CA"
openssl req \
-newkey rsa:2048 \
-keyout localhost.pvk \
-out localhost.req \
-subj /CN=localhost \
-sha256 \
-nodes
openssl x509 \
-req -CA $(hostname)-CA.cer \
-CAkey $(hostname)-CA.pvk \
-in localhost.req \
-out localhost.cer \
-days 10000 \
-extfile $(hostname).ext \
-sha256 \
-set_serial 0x1111
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $(hostname)-CA.cer
Then, when you want to serve your current directory, run the following commands to install an HTTP server:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" # install homebrew
brew install http-server
Then start the server:
http-server -S \
-C ~/.https-server/localhost.cer \
-K ~/.https-server/localhost.pvk
Alternatively, add it to your ~/.bashrc
or ~/.zshrc
:
echo 'alias https="http-server -S -C ~/.https-server/localhost.cer -K ~/.https-server/localhost.pvk -a $(hostname).local"' >> ~/.bashrc
Note that you need to access the page via https://localhost:8080/
or https://{your hostname}.local:8080/
. If you try to use your IP address it may not work.