[Server] SSL for Localhost (Local Development Environment)

• Local SSL development (for localhost)

• 1) create Certificate authority (CA)  for local machine

$> openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA" $> openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

 

• 2) create Domain name certificate 

• create a domains.ext file with following contents
  
  

authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = fake1.local DNS.3 = fake2.local

 

• 3) Generate localhost.key, localhost.csr, and localhost.crt

$> openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost" $> openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt

 

• 4) update https-vhost.conf 

SSLEngine on SSLCertificateFile "CERTIFICATE/PATH/localhost.crt" SSLCertificateKeyFile "CERTIFICATE/PATH/localhost.key"

• 5) register CA on machine (Mac OS)

  • Run “Keychnin Access” -> Default Keychains (login) -> All Items 

  • drag and drop "localhost.crt" file on "keychain access window"

  • find added "localhost.crt" and double click

  • In Trust tab, change "when using this certificate" value to "always trust"