Enable HTTPS on Localhost (MacOS)

README.md

Enable HTTP on Localhost (MacOS)

Create Root Certificate and CA

$ cd ~/.ssh

$ openssl genrsa -des3 -out rootCA.key 2048

// Choose any number of days. I chose 10000 to make it far in the future.
$ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 10000 -out rootCA.pem

Enter pass phrase for localhost.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:CA
Locality Name (eg, city) []:Los Angeles
Organization Name (eg, company) []:localhost
Organizational Unit Name (eg, section) []:localhost
Common Name (eg, fully qualified host name) []:localhost
Email Address []:[email protected]

Add To Keychain

1. Open up KeyChain Access
2. Select "system"
3. Select "Certificates"
4. Drag the rootCA.pem into the window. It will prompt you for your password.
5. Double click on "localhost"
6. Select "Always Trust" from dropdown. Close the window (It will prompt you for your password again.

Create csr info

1. Create a file in ~/.ssh called localhost.csr.cnf and paste the following contents into the file:

[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=CA
L=Los Angeles
O=localhost
OU=localhost
[email protected]
CN = localhost

2. Create a file called localhost.ext and paste the following into the file

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost

Create the cert to be used be your webserver

$ openssl req -new -sha256 -nodes -out localhost.csr -newkey rsa:2048 -keyout localhost.key -config <( cat localhost.csr.cnf )

$ openssl x509 -req -in localhost.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out localhost.crt -days 10000 -sha256 -extfile localhost.ext

Copy files to web server

1. Copy localhost.crt and localhost.key to server

Enable on Webservers

Chrome

1. In chrome, go to chrome://flags/
2. Search for "allow-insecure-localhost" and enable it
3. Restart the browser

Firefox

1. In Firefox, go to about:config
2. Search for security.enterprise_roots.enabled and change it to true

References

• https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec
• https://github.com/dakshshah96/local-cert-generator/
• https://letsencrypt.org/docs/certificates-for-localhost/
• http://www.andrewconnell.com/blog/updated-creating-and-trusting-self-signed-certs-on-macos-and-chrome