@tyriis
Last active June 4, 2018 09:05
Create local CA for trusted self signed https certificates

create myCA private key

openssl genrsa -des3 -out myCA.key 2048

create myCA certificate

openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

install myCA certificate

# this can vary from system to system
sudo cp myCA.pem /etc/ssl/certs/

also import myCA.pem into your browser

create server private key

openssl genrsa -out server.key 2048

create server signing request

openssl req -new -key server.key -out server.csr

enter localhost in the Common Name (FQDN) field!

create localhost.ext file:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
# an IP address belongs in an IP.N entry, not a DNS.N entry
IP.1 = 127.0.0.1

sign server request with myCA

openssl x509 -req -in server.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out server.crt -days 365 -sha256 -extfile localhost.ext
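
To check the result, the following added example (not part of the original gist) repeats the steps above non-interactively in a temporary directory and runs `openssl verify` against the signed certificate, once with 127.0.0.1 listed as a DNS alt name and once as an IP alt name. The subject names and the helper function names are assumptions, and the CA key is left unencrypted only because the directory is deleted afterwards.

```sh
#!/bin/sh
# Added example (not from the gist). Subject names are constructed, and the
# CA key is unencrypted only because the directory is deleted afterwards.

make_ca() {   # make_ca DIR: CA key + cert, server key + CSR, all in DIR
    openssl genrsa -out "$1/myCA.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/myCA.key" -sha256 -days 1825 \
        -subj "/CN=Example Local CA" -out "$1/myCA.pem" &&
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=localhost" \
        -out "$1/server.csr"
}

sign_with_san() {   # sign_with_san DIR "ALT-NAME-LINE"
    printf '%s\n' \
        'authorityKeyIdentifier=keyid,issuer' \
        'basicConstraints=CA:FALSE' \
        'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
        'subjectAltName = @alt_names' \
        '[alt_names]' \
        'DNS.1 = localhost' \
        "$2" > "$1/localhost.ext" &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/myCA.pem" \
        -CAkey "$1/myCA.key" -CAcreateserial -out "$1/server.crt" \
        -days 365 -sha256 -extfile "$1/localhost.ext" 2>/dev/null
}

check() {   # check DIR FLAG VALUE: 0 if server.crt chains to myCA.pem and matches
    openssl verify -CAfile "$1/myCA.pem" "$2" "$3" "$1/server.crt" >/dev/null 2>&1
}

san_check() {   # san_check "ALT-NAME-LINE": prints host=<ok|fail> ip=<ok|fail>
    d=$(mktemp -d) || return 1
    make_ca "$d" && sign_with_san "$d" "$1" || { rm -rf "$d"; return 1; }
    h=fail; i=fail
    check "$d" -verify_hostname localhost && h=ok
    check "$d" -verify_ip 127.0.0.1 && i=ok
    rm -rf "$d"
    echo "host=$h ip=$i"
}

echo "DNS.2 = 127.0.0.1 -> $(san_check 'DNS.2 = 127.0.0.1')"
echo "IP.1 = 127.0.0.1  -> $(san_check 'IP.1 = 127.0.0.1')"
```

The IP check compares the address against IP alt name entries only, so a certificate that carries 127.0.0.1 as a DNS entry still chains to myCA but reports `ip=fail`.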