We will generate an "Always Trusted" certificate on out local Mac, this can be used to generate an SSL certificate for any site(s) on your Mac.
cd
mkdir ssl
cd sslopenssl genrsa -des3 -out rootCA.key 2048openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pemYou will be asked several questions, you can enter anything, such as:
Country Name: GB
State or Province Name: ScreenCloud
Locality Name: ScreenCloud
Organization Name: ScreenCloud
Organizational Unit Name: ScreenCloud Devs
Common Name: *.dev.next.sc
Email Address: devs@screen.cloudOpen Keychain Access Applications > Utilities > Keychain Access and go to the Certificates category on the left sidebar. Click File > Import Items and import the newly generated rootCA.pem file.
Double click the new entry that appears in Keychain Access and under the Trust accordion, select Always Trust for the When using this certificate: option.
Generate a csr config template:
touch server.csr.cnfAnd paste the following in this file:
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=GB
ST=ScreenCloud
L=ScreenCloud
O=ScreenCloud
OU=ScreenCloud Devs
emailAddress=devs@screen.cloud
CN = *.dev.next.scGenerate a v3 config template:
touch v3.extAnd paste the following in this file:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.dev.next.scGenerate a server.key file:
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )Generate a server.crt file:
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.extAll done, now copy the generated server.key and server.crt to the root /ssl folder within the project and activate SSL via the .env as per the apps readme.md.