@philfreo
Last active August 8, 2016 02:29
SSL CSR & localhost self-signing

Generate a CSR for production use:

openssl req -nodes -newkey rsa:2048 -sha256 -keyout mysite-ssl.private-key.pem -out mysite-ssl.csr -subj '/C=US/ST=California/L=Palo Alto/O=My Company Inc./CN=*.example.com'

Generate a long-lasting self-signed cert & trust it for localhost development usage:

openssl req -nodes -newkey rsa:2048 -sha256 -x509 -days 3650 -keyout selfsigned.key -out selfsigned.crt -subj '/C=US/ST=Anywhere/L=Anywhere/O=Localhost/CN=local.example.com'

Tell OS X to remember & trust a self-signed certificate:

sudo security add-trusted-cert -p ssl -d -r trustRoot -k ~/Library/Keychains/login.keychain selfsigned.crt

Generate a long-lasting self-signed multi-domain (SAN) cert for localhost development usage (trust it with the same `security add-trusted-cert` command as above):

openssl req \
    -nodes \
    -newkey rsa:2048 \
    -sha256 \
    -x509 \
    -days 3650 \
    -keyout selfsigned.key \
    -out selfsigned.crt \
    -subj '/C=US/ST=California/L=Palo Alto/O=My Company Inc./CN=example.com' \
    -config <(
cat <<-EOF
[ req ]
distinguished_name	= req_distinguished_name
x509_extensions	= v3_ca

[req_distinguished_name]
countryName =
countryName_default =
stateOrProvinceName =
stateOrProvinceName_default =
localityName =
localityName_default =
organizationalUnitName=
organizationalUnitName_default=
commonName =
commonName_max= 64

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
DNS.2 = example.org
EOF
)
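
A check to run before trusting the generated certificate, as an added example that is not part of the original gist: it builds the SAN certificate from a temporary config file (instead of the `<( ... )` process substitution), then confirms that the expected DNS names are present and that the key file belongs to the certificate. The helper names `make_san_cert`, `cert_has_san`, `key_matches_cert` and `demo` are hypothetical; the hostnames and output file names are the gist's own.

```shell
# Added example, not the gist author's code. Helper names are hypothetical.
make_san_cert() (     # usage: make_san_cert OUTDIR
    cat > "$1/san.cnf" <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no

[ req_distinguished_name ]
CN = example.com

[ v3_ca ]
subjectKeyIdentifier = hash
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = example.com
DNS.2 = example.org
EOF
    openssl req -nodes -newkey rsa:2048 -sha256 -x509 -days 3650 \
        -keyout "$1/selfsigned.key" -out "$1/selfsigned.crt" \
        -config "$1/san.cnf" 2>/dev/null
)

cert_has_san() (      # usage: cert_has_san CERT HOSTNAME (exit 0 if listed)
    # Split the SAN line on commas and look for an exact DNS:<name> entry.
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
)

key_matches_cert() (  # usage: key_matches_cert KEY CERT
    # Compare the public key derived from the private key with the cert's.
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ "$k" = "$c" ]
)

demo() (              # generate in a throwaway directory and run both checks
    d=$(mktemp -d) && make_san_cert "$d" &&
    cert_has_san "$d/selfsigned.crt" example.org &&
    key_matches_cert "$d/selfsigned.key" "$d/selfsigned.crt" &&
    echo "SAN and key checks passed"
    rc=$?; rm -rf "$d"; exit $rc
)
demo
```

Running `cert_has_san` against the CN-only `selfsigned.crt` from the earlier single-host command returns non-zero, because that certificate carries no subjectAltName extension.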