@tuto1902
Last active December 20, 2019 21:30

SSL for Local Development

Generate the root CA key file

openssl genrsa -des3 -out rootCA.key 2048

Generate the root CA certificate

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

Trust the certificate (macOS Mojave)

  • Open Keychain Access > System > Certificates > File > Import
  • Double-click the certificate > Trust > Always Trust

Create a server.csr.cnf file

Example:

[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=RandomState
L=RandomCity
O=RandomOrganization
OU=RandomOrganizationUnit
# placeholder address
emailAddress=user@example.com
CN = website.local

Create a v3.ext file

Example:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = website.local

Create a certificate key and signing request

openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf

Create a new certificate

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext

Configure Apache

Inside httpd.conf

Uncomment this line

LoadModule ssl_module lib/httpd/modules/mod_ssl.so

Add this line

Listen 443

Add these lines in your virtual host configuration

SSLEngine on
# Strong suites only; the older default string also admitted RC4, export-grade and LOW ciphers
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
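
A quick way to confirm that the files from the steps above are usable before reloading Apache: the certificate must chain to rootCA.pem, list the host name as a DNS subjectAltName, be marked CA:FALSE, and match server.key. This script is an added example, not part of the original gist; make_demo_chain, check_leaf, demo and ca.cnf are hypothetical names, and the demo chain is constructed throwaway data.

```shell
#!/bin/sh
# Added example, not from the gist. Function names and ca.cnf are illustrative.

# make_demo_chain DIR HOST: constructed throwaway CA and leaf, built like the steps above.
make_demo_chain() (
  cd "$1" || exit 1
  printf '[req]\nprompt=no\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=Demo Root CA\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
  printf '[req]\nprompt=no\ndefault_md=sha256\ndistinguished_name=dn\n[dn]\nCN=%s\n' "$2" > server.csr.cnf
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=@alt_names\n[alt_names]\nDNS.1=%s\n' "$2" > v3.ext
  {
    openssl req -x509 -new -newkey rsa:2048 -nodes -keyout rootCA.key \
      -sha256 -days 2 -out rootCA.pem -config ca.cnf &&
    openssl req -new -sha256 -nodes -newkey rsa:2048 -keyout server.key \
      -out server.csr -config server.csr.cnf &&
    openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key \
      -CAcreateserial -out server.crt -days 1 -sha256 -extfile v3.ext
  } >/dev/null 2>&1
)

# check_leaf CA_PEM LEAF_CRT LEAF_KEY HOST: prints the first failing check.
check_leaf() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
    { echo "FAIL: $2 does not chain to $1"; return 1; }
  cl_text=$(openssl x509 -in "$2" -noout -text) || return 1
  # Exact match on one SAN entry, so a longer name with the same prefix does not pass.
  printf '%s\n' "$cl_text" | grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$4" ||
    { echo "FAIL: no DNS subjectAltName for $4"; return 1; }
  printf '%s\n' "$cl_text" | grep -q 'CA:FALSE' ||
    { echo "FAIL: leaf is not marked CA:FALSE"; return 1; }
  # The certificate's public key must equal the one derived from the private key.
  [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ] ||
    { echo "FAIL: $3 is not the key for $2"; return 1; }
  echo "OK: $2 is valid for $4"
}

# Stand-alone run against the constructed chain in a temporary directory.
demo() {
  d=$(mktemp -d) || return 1
  make_demo_chain "$d" website.local &&
    check_leaf "$d/rootCA.pem" "$d/server.crt" "$d/server.key" website.local
  rc=$?; rm -rf "$d"; return $rc
}
demo
```

To check the real files, call `check_leaf rootCA.pem server.crt server.key website.local` from the directory that holds them.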