You only need to do this once for your computer. All subsequent certificates you make will get generated from this root cert.
First, generate a private key:
openssl genrsa -des3 -out myCA.key 2048
Next, make a root certificate using that key. Enter the password you just chose when prompted. You can skip every question except Common Name, since you'll need to find that name in a list later.
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
Add your root certificate to the Keychain Access app on Mac:
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" myCA.pem
In Keychain Access, double-click the certificate and set it to Always Trust.
Once your root cert is trusted, you can generate certificates for each project. I'll use dev.project.com, but replace this with whatever dev URL you use in your hosts file.
First, create a private key:
openssl genrsa -out dev.project.com.key 2048
Then create a certificate signing request (CSR):
openssl req -new -key dev.project.com.key -out dev.project.com.csr
After that, create a configuration file for the project. Create a file named dev.project.com.ext with the following contents:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = dev.project.com
DNS.2 = dev.project.com.192.168.1.19.xip.io
Finally, create and sign the certificate:
openssl x509 -req -in dev.project.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out dev.project.com.crt -days 1825 -sha256 -extfile dev.project.com.ext
Now you have a certificate that's valid for dev.project.com, so you'll need to develop against that.
Open your hosts file (/private/etc/hosts on Mac) and add a new line like:
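A check worth running after signing, added here as an example and not taken from the original article: it confirms that the leaf chains to the root, names the host in subjectAltName, and is not itself a CA. The helper names verify_dev_cert and make_sample are hypothetical, and the sample root and leaf are constructed throwaways (no passphrase, -subj supplied) so the script runs without prompts.

```shell
#!/bin/sh
# Added example; verify_dev_cert and make_sample are hypothetical helpers.

# verify_dev_cert <root.pem> <leaf.crt> <hostname>
# Succeeds only if the leaf chains to the root, lists the hostname in
# subjectAltName, and carries basicConstraints CA:FALSE.
verify_dev_cert() {
    ca=$1; crt=$2; host=$3
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not chain to $ca"; return 1; }
    text=$(openssl x509 -in "$crt" -noout -text) || return 1
    # Split the SAN list on commas and require an exact DNS entry, so
    # dev.project.com is not satisfied by dev.project.com.<ip>.xip.io.
    printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "DNS:$host" ||
        { echo "FAIL: $host is not in subjectAltName"; return 1; }
    printf '%s\n' "$text" | grep -q 'CA:FALSE' ||
        { echo "FAIL: leaf is not marked CA:FALSE"; return 1; }
    echo "OK: $crt is valid for $host"
}

# make_sample <dir>: constructed throwaway root and leaf built with the
# commands above, with -subj added and -des3 dropped so nothing prompts.
make_sample() {
    ( cd "$1" || exit 1
      openssl genrsa -out myCA.key 2048 2>/dev/null
      openssl req -x509 -new -nodes -key myCA.key -sha256 -days 2 \
          -subj "/CN=Throwaway Sample Root" -out myCA.pem
      openssl genrsa -out dev.project.com.key 2048 2>/dev/null
      openssl req -new -key dev.project.com.key -subj "/CN=dev.project.com" \
          -out dev.project.com.csr
      printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
          'basicConstraints=CA:FALSE' \
          'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
          'subjectAltName = @alt_names' '[alt_names]' \
          'DNS.1 = dev.project.com' \
          'DNS.2 = dev.project.com.192.168.1.19.xip.io' > dev.project.com.ext
      openssl x509 -req -in dev.project.com.csr -CA myCA.pem -CAkey myCA.key \
          -CAcreateserial -out dev.project.com.crt -days 2 -sha256 \
          -extfile dev.project.com.ext 2>/dev/null )
}

tmp=$(mktemp -d)
make_sample "$tmp"
verify_dev_cert "$tmp/myCA.pem" "$tmp/dev.project.com.crt" dev.project.com
verify_dev_cert "$tmp/myCA.pem" "$tmp/dev.project.com.crt" other.project.com || true
rm -rf "$tmp"
```

The sample root is left unencrypted only because it is deleted at the end of the run. The real myCA.key can sign a certificate for any hostname this Mac will then trust, so keep its passphrase and keep the file out of project repositories.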
127.0.0.1 dev.project.com
Save the file. Now, while developing, have your dev server use the generated certificate files and develop against https://dev.project.com using whatever port numbers the server uses.
Original article: https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/