Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Creating Valid Certificates for Local Development

Creating the Root Certificate

You only need to do this once for your computer. All subsequent certificates you make will get generated from this root cert.

First, generate a private key:

openssl genrsa -des3 -out myCA.key 2048

Next, make a root certificate using that key. Use the password you just chose. You can skip all the answers except for Common Name as you'll need to find that in a list later.

openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

Add your root certificate to the Keychain app on Mac. Double click it and always trust.

Creating Certificates

Once your root cert is trusted, you can generate certificates for each project. I'll use dev.project.com but replace this with whatever dev url you use in your hosts file.

First, create a private key:

openssl genrsa -out dev.project.com.key 2048

Then create a csr:

openssl req -new -key dev.project.com.key -out dev.project.com.csr

After that, create a configuration file for the project. Create a file named dev.project.com.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = dev.project.com
DNS.2 = dev.project.com.192.168.1.19.xip.io

Finally, create and sign the certificate:

openssl x509 -req -in dev.project.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out dev.project.com.crt -days 1825 -sha256 -extfile dev.project.com.ext

Editing the Hosts File

Now you have a certificate that's valid for dev.project.com, so you'll need to develop against that.

Open your hosts file (/private/etc/hosts on mac) and add a new line like:

127.0.0.1       dev.project.com

Save the file. Now, while developing, have your dev server use the generated certificate files and develop against https://dev.project.com using whatever port numbers the server uses.

@paulcpederson

This comment has been minimized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.