For testing .local domains using SSL we can't use Let's Encrypt & certbot as explained here. (where did that link go)
Instead we need to create our own self-signed certificates and get the local machine to trust them. Chrome is extra strict and whinges about pretty much everything, and I couldn't get it to trust a self-signed wildcard CN cert. So here's what I did to get it working locally on OS X with a happy Chrome:
First create an openssl.cnf file:

```ini
[req]
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
CN = your.domain.local

[v3_req]
subjectAltName = @alt_names

# Hostnames the certificate is valid for: the wildcard plus the bare domain.
[alt_names]
DNS.1 = *.your.domain.local
DNS.2 = your.domain.local
```

Then run the following command to generate a private key and a self-signed cert:

```bash
openssl req -x509 \
  -out your.domain.local.crt \
  -keyout your.domain.local.key \
  -newkey rsa:2048 -nodes -sha256 \
  -extensions v3_req -config openssl.cnf
```

Once you have the cert:
- open up the Keychain Access app, click on the "login" Keychain
- add the newly generated your.domain.local.crt to the "Certificates" category
- once added, double click the cert to bring up the details
- open the "Trust" category and set to "Always trust"
- restart Chrome

Now your local cert is trusted by Chrome on your local machine.
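
To confirm the generated files are what Chrome will accept, the following added example (not part of the original post) checks that both names from `[alt_names]` are present in the certificate's subjectAltName, which is what Chrome matches hostnames against rather than the CN, that the key belongs to the cert, and that the cert is not about to expire (without `-days`, `openssl req -x509` issues a 30-day cert). The function names `cert_sans` and `check_cert` and the 7-day threshold are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the files written by the openssl req command above.
# cert_sans and check_cert are names made up for this example.

# Print the certificate's DNS subjectAltName entries, one per line.
cert_sans() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# check_cert CRT KEY NAME...
# Returns 0 when every NAME is a SAN entry, KEY belongs to CRT, and the cert
# is still valid 7 days from now (the 7-day window is an arbitrary choice).
check_cert() {
  crt=$1 key=$2
  shift 2
  sans=$(cert_sans "$crt")
  for name in "$@"; do
    # -F: literal match, so the "*" in a wildcard entry is not a regex.
    printf '%s\n' "$sans" | grep -Fxq -- "$name" ||
      { echo "missing SAN: $name" >&2; return 1; }
  done
  # The public key in the cert must equal the one derived from the private key.
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] ||
    { echo "key does not match certificate" >&2; return 2; }
  # No -days was passed to openssl req, so the default validity applies.
  openssl x509 -in "$crt" -noout -checkend $((7 * 86400)) >/dev/null ||
    { echo "certificate expires within 7 days" >&2; return 3; }
}

# Usage, from the directory holding the generated files:
# check_cert your.domain.local.crt your.domain.local.key \
#   '*.your.domain.local' your.domain.local && echo OK
```
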

- https://grokify.github.io/security/wildcard-subject-alternative-name-ssl-tls-certificates/
- https://blog.sleeplessbeastie.eu/2016/11/14/how-to-generate-self-signed-ssl-certificate/