If you want to generate certificates manually, skip ahead to Create Certificate with OpenSSL in the next section.
This is the more recommended way, since you don't have to do the manual labour and you avoid the risk of human error.
The solution is an auto-generation tool called mkcert.
It is written in Go and works perfectly fine on almost every OS with super easy commands.
You can install mkcert with their recommended ways. Here's the link.
After installing, you can just type mkcert <your-domain-name-here> to generate cert files.
E.g. for localhost, typing mkcert localhost will create the .key and .pem files for localhost, which you can then use in any of your local development setups.
Fedora users can follow this link.
I suggest following the second method with OpenSSL. I tried the first method and I didn't succeed. Maybe you can.
- Generate Private Key
openssl genrsa -des3 -out rootCA.key 2048
- Generate Root Certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1825 -out rootCA.pem
Enter pass phrase for rootCA.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Nova Scotia
Locality Name (eg, city) []:Truro
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Delicious Brains Inc
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Delicious Brains
Email Address []:[email protected]
- Convert .pem file to .crt (Certificate) file
openssl x509 -in rootCA.pem -inform PEM -out rootCA.crt
- Install converted certificate
sudo mkdir /usr/share/ca-certificates/extra
sudo cp rootCA.crt /usr/share/ca-certificates/extra
sudo update-ca-certificates #Ubuntu
sudo update-ca-trust #Arch/Manjaro
# OR
sudo trust extract-compact #Arch/Manjaro
- Create CA-Signed Certificate for Dev Site
openssl genrsa -out your-dev-site-name.key 2048
Replace your-dev-site-name with your local dev domain, e.g. localhost.
- Making the CSR
openssl req -new -key your-dev-site-name.key -out your-dev-site-name.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Nova Scotia
Locality Name (eg, city) []:Truro
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Delicious Brains Inc
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Mergebot
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
- Creating the domains.ext (extension for subject alternative name) file
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = dev.deliciousbrains.com
Replace your-dev-site-name with your local dev domain, e.g. localhost.
- Create certificate file
openssl x509 -req -in your-dev-site-name.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
-out your-dev-site-name.crt -days 825 -sha256 -extfile domains.ext
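The OpenSSL steps above, as an added example that is not part of the original post: the same commands run without prompts in a scratch directory, followed by the checks worth running before pointing a web server at the files (chain to the root, subjectAltName coverage, CA:FALSE, key/certificate match). The function names, subject names and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example. Subject names, the throwaway passphrase and both function
# names are constructed for illustration; the openssl steps mirror the page.

# make_dev_cert <dir> <hostname>: root CA plus CA-signed leaf, no prompts.
make_dev_cert() {
    ( cd "$1" || exit 1
      host=$2 pw=pass:example-only   # constructed passphrase, not a secret
      umask 077                      # private keys readable by owner only
      openssl genrsa -des3 -passout "$pw" -out rootCA.key 2048 2>/dev/null &&
      openssl req -x509 -new -key rootCA.key -passin "$pw" -sha256 -days 1825 \
          -subj "/CN=Example Local Dev CA" -out rootCA.pem &&
      openssl genrsa -out "$host.key" 2048 2>/dev/null &&
      openssl req -new -key "$host.key" -subj "/CN=$host" -out "$host.csr" &&
      printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
          'basicConstraints=CA:FALSE' \
          'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
          'subjectAltName = @alt_names' '[alt_names]' "DNS.1 = $host" > domains.ext &&
      openssl x509 -req -in "$host.csr" -CA rootCA.pem -CAkey rootCA.key \
          -passin "$pw" -CAcreateserial -out "$host.crt" -days 825 -sha256 \
          -extfile domains.ext 2>/dev/null )
}

# check_dev_cert <ca.pem> <cert> <key> <hostname>: 0 only if every check passes.
check_dev_cert() {
    ca=$1 crt=$2 key=$3 host=$4
    text=$(openssl x509 -in "$crt" -noout -text) || return 1
    # 1. The leaf must chain to the root that was installed as trusted.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: not signed by $ca"; return 1; }
    # 2. A SAN must exist (the domains.ext step) and must cover the hostname.
    printf '%s\n' "$text" | grep -q 'DNS:' ||
        { echo "FAIL: no subjectAltName DNS entry"; return 1; }
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 | grep -q 'does match' ||
        { echo "FAIL: $host not covered by certificate"; return 1; }
    # 3. The site certificate must not itself be usable as a CA.
    printf '%s\n' "$text" | grep -q 'CA:FALSE' ||
        { echo "FAIL: basicConstraints is not CA:FALSE"; return 1; }
    # 4. The private key handed to the web server must match the certificate.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: key does not match certificate"; return 1; }
    echo "OK: $crt is valid for $host"
}

# Demo in a scratch directory, removed afterwards.
d=$(mktemp -d) && make_dev_cert "$d" localhost &&
    check_dev_cert "$d/rootCA.pem" "$d/localhost.crt" "$d/localhost.key" localhost
rm -rf "$d"
```

A certificate signed without -extfile domains.ext fails check 2, which is the usual cause of a browser rejecting an otherwise correctly signed local certificate.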
How to Create Your Own SSL Certificate Authority for Local HTTPS Development
How do I install a root certificate? - Ask Ubuntu
How do i import a Trusted Root Certificate - Newbie Corner - Manjaro Linux Forum
I just released lodev, a single binary that provides easy setup for a local development env with SSL (HTTPS).
It will create a local CA, install it as a trusted CA and generate a certificate and key. It spins up a small DNS server that is used only to resolve the dev.lo domain and creates a reverse proxy on port 443 under the https://dev.lo domain, and by default proxies all requests to http://localhost:3000; the target port can be changed.