mister-good-deal/localhost-ssl-conf.md

## localhost-ssl-conf.md

      
    Raw
  

              localhost-ssl-conf.md
            
          
    Localhost SSL config tuto

cd /etc/ssl
Create localhost CA authority

sudo openssl genrsa -des3 -out private/localhost-CA.key 2048
sudo openssl req -x509 -new -nodes -key private/localhost-CA.key -sha256 -days 1825 -out certs/localhost-CA.pem
Generate SSL CA for localhost site

sudo openssl genrsa -out private/bbbot-api.app.key 2048
sudo openssl req -new -key private/bbbot-api.app.key -out certs/bbbot-api.app.csr
Create config file to sign your CA

sudo touch bbbot-api.app.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = bbbot-api.app

Sign your CA with the localhost CA Authority

sudo openssl x509 -req -in certs/bbbot-api.app.csr -CA certs/localhost-CA.pem -CAkey private/localhost-CA.key -CAcreateserial -out certs/bbbot-api.app.crt -days 1825 -sha256 -extfile bbbot-api.app.ext
Apache virtual host conf file

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName bbbot-api.app
    DocumentRoot /var/www/bbbot-api/public

    ServerSignature Off
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    LogLevel info

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/bbbot-api.app.crt
    SSLCertificateKeyFile /etc/ssl/private/bbbot-api.app.key

    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>

    <Directory /var/www/bbbot-api/public/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

Other tuto