Skip to content

Instantly share code, notes, and snippets.

@andrejcremoznik

andrejcremoznik/Instructions (self-signed SSL certificates).md

Last active March 10, 2019 18:30
Show Gist options
  • Save andrejcremoznik/41fe07e342ac4d2376b8547155d6e049 to your computer and use it in GitHub Desktop.
Save andrejcremoznik/41fe07e342ac4d2376b8547155d6e049 to your computer and use it in GitHub Desktop.
Download ZIP
Move your local development to HTTPS easily with self signed SSL certificates.
Raw
Instructions (self-signed SSL certificates).md

You need to create a personal Certificate Authority and install this CA into your system and browsers. Then you can create any number of self signed certificates for any domain you want.

  1. Create your CA (write down the passphrase)

    openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

  2. Install your CA system-wide (this is for Arch linux)

    sudo cp myCA.pem /etc/ca-certificates/trust-source/anchors/myCA.crt
sudo trust extract-compat

    If some browser doesn't pick up this certificate, you can also manually install the myCA.pem into the browser's keychain. Search the web for instructions on how to install custom CA certificates.

  3. Create server certs for your domains (see makecert.sh below). You can leave most details blank except for the domain name. The script will ask for the passphrase of your CA key, so have that ready. You need the myCA.key and myCA.pem from step 1 in the same directory as makecert.sh.

    ./makecert.sh exampledomain.dev

  4. Add exampledomain.dev/example.dev.crt and exampledomain.dev/example.dev.key to your webserver (in Nginx those are ssl_certificate and ssl_certificate_key respectively).

Raw
makecert.sh
#!/usr/bin/env bash
if [ $# -lt 1 ]; then
echo -e "\nUsage:"
echo -e " $0 <domain>"
echo -e "\nExample:"
echo -e " $0 mydomain.dev\n"
exit
fi
domain="$1"
if [ ! -d $domain ]; then
mkdir $domain
fi
openssl genrsa -out $domain/$domain.key 2048
openssl req -new -key $domain/$domain.key -out $domain/$domain.csr
echo "authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${domain}
" > $domain/$domain.conf
openssl x509 -req -in $domain/$domain.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out $domain/$domain.crt -days 1825 -sha256 -extfile $domain/$domain.conf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment