@paulcpederson
Last active December 29, 2023 19:35
Creating Valid Certificates for Local Development

Creating the Root Certificate

You only need to do this once for your computer. All subsequent certificates you make will get generated from this root cert.

First, generate a private key:

openssl genrsa -des3 -out myCA.key 2048

Next, make a root certificate using that key. Enter the password you just chose when prompted. You can skip every answer except Common Name; give it a name you will recognize, as you'll need to find it in a list later.

openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

Add your root certificate to the Keychain app on Mac.

sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" myCA.pem

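Double-click it in Keychain Access and set it to Always Trust. From this point your machine trusts any certificate signed with myCA.key, so keep that key and its password private.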

Creating Certificates

Once your root cert is trusted, you can generate certificates for each project. I'll use dev.project.com, but replace this with whatever dev URL you use in your hosts file.

First, create a private key:

openssl genrsa -out dev.project.com.key 2048

Then create a certificate signing request (CSR):

openssl req -new -key dev.project.com.key -out dev.project.com.csr

After that, create a configuration file for the project. Create a file named dev.project.com.ext with the following contents:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = dev.project.com
DNS.2 = dev.project.com.192.168.1.19.xip.io

Finally, create and sign the certificate:

openssl x509 -req -in dev.project.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out dev.project.com.crt -days 1825 -sha256 -extfile dev.project.com.ext
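Before pointing a dev server at the new certificate, it is worth checking that it chains to your root, lists the hostname in subjectAltName, and is marked CA:FALSE. The script below is an added example, not part of the original gist: `verify_dev_cert` and `make_demo_certs` are hypothetical helper names, and the demo builds a throwaway, unencrypted CA in a temp directory (constructed sample data) so it can run unattended.

```shell
#!/bin/sh
# Added example (not from the gist). Helper names are hypothetical.

# Return 0 only if CERT chains to CA, lists HOST as a DNS SAN, and is not a CA.
# Return codes: 1 = chain/parse failure, 2 = HOST not in SAN, 3 = not CA:FALSE.
verify_dev_cert() {
  ca="$1"; cert="$2"; host="$3"
  # 1. The leaf must verify against the root certificate alone.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || return 1
  # 2. Exact, fixed-string match against each subjectAltName entry.
  sans=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' \
    | tail -n 1 | tr -d ' ' | tr ',' '\n')
  printf '%s\n' "$sans" | grep -Fxq "DNS:$host" || return 2
  # 3. The .ext file sets CA:FALSE, so the leaf must not be able to sign.
  printf '%s\n' "$text" | grep -q 'CA:FALSE' || return 3
  return 0
}

# Build a throwaway CA and two leaves in DIR (constructed sample data; the
# demo CA key is unencrypted, unlike the -des3 key used for the real root).
make_demo_certs() {
  ( cd "$1" || exit 1
    openssl genrsa -out myCA.key 2048 || exit 1
    openssl req -x509 -new -key myCA.key -sha256 -days 1 \
      -subj "/CN=Demo Local CA" -out myCA.pem || exit 1
    openssl genrsa -out dev.project.com.key 2048 || exit 1
    openssl req -new -key dev.project.com.key -subj "/CN=dev.project.com" \
      -out dev.project.com.csr || exit 1
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
      'basicConstraints=CA:FALSE' 'subjectAltName = @alt_names' \
      '[alt_names]' 'DNS.1 = dev.project.com' > dev.project.com.ext
    # Signed as in the gist, with the extension file.
    openssl x509 -req -in dev.project.com.csr -CA myCA.pem -CAkey myCA.key \
      -CAcreateserial -out dev.project.com.crt -days 1 -sha256 \
      -extfile dev.project.com.ext || exit 1
    # Same CSR signed without -extfile: the certificate carries no SAN.
    openssl x509 -req -in dev.project.com.csr -CA myCA.pem -CAkey myCA.key \
      -CAcreateserial -out nosan.crt -days 1 -sha256
  ) >/dev/null 2>&1
}

tmp=$(mktemp -d) && make_demo_certs "$tmp"
for c in dev.project.com.crt nosan.crt; do
  verify_dev_cert "$tmp/myCA.pem" "$tmp/$c" dev.project.com \
    && echo "$c: ok" || echo "$c: rejected ($?)"
done
rm -rf "$tmp"
```

To check your real files, call `verify_dev_cert myCA.pem dev.project.com.crt dev.project.com` from the directory where you ran the commands above.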

Editing the Hosts File

Now you have a certificate that's valid for dev.project.com, so you'll need to develop against that.

Open your hosts file (/private/etc/hosts on a Mac) and add a new line like:

127.0.0.1       dev.project.com

Save the file. Now, while developing, have your dev server use the generated certificate files and develop against https://dev.project.com using whatever port numbers the server uses.
