- 
      
- 
        Save dreaddymck/3ff90d82017ff3a738b83d9d49897c14 to your computer and use it in GitHub Desktop. 
Revisions
- 
        cecilemuller renamed this gist Nov 15, 2019 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewingFile renamed without changes.
- 
        cecilemuller revised this gist Jun 22, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -27,7 +27,7 @@ First, create a file `domains.ext` that lists all your local domains: authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = localhost 
- 
        cecilemuller revised this gist Jun 20, 2018 . 1 changed file with 2 additions and 1 deletion.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,7 @@ # How to create an HTTPS certificate for localhost domains This focuses on generating the certificates for loading local virtual hosts hosted on your computer, for development only. **Do not use self-signed certificates in production !** For online certificates, use Let's Encrypt instead ([tutorial](https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8)). 
- 
        cecilemuller revised this gist Jun 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -50,7 +50,7 @@ You can now configure your webserver, for example with Apache: ## Trust the local CA At this point, the site would load with a warning about self-signed certificates. In order to get a green lock, your new local CA has to be added to the trusted Root Certificate Authorities. ### Windows 10: Chrome, IE11 & Edge 
- 
        cecilemuller created this gist Jun 20, 2018 .There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,73 @@ # How to create an HTTPS certificate for localhost domains This focuses on generating the certificates for loading local virtual hosts hosted locally on your computer. **Do not use self-signed certificates in production !** For online certificates, use Let's Encrypt instead ([tutorial](https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8)). ## Certificate authority (CA) Generate `RootCA.pem`, `RootCA.key` & `RootCA.crt`: openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA" openssl x509 -outform pem -in RootCA.pem -out RootCA.crt Note that `Example-Root-CA` is an example, you can customize the name. ## Domain name certificate Let's say you have two domains `fake1.local` and `fake2.local` that are hosted on your local machine for development (using the `hosts` file to point them to `127.0.0.1`). First, create a file `domains.ext` that lists all your local domains: authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEnciphement, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = fake1.local DNS.3 = fake2.local Generate `localhost.key`, `localhost.csr`, and `localhost.crt`: openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost.local" openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt Note that the country / state / city / name in the first command can be customized. You can now configure your webserver, for example with Apache: SSLEngine on SSLCertificateFile "C:/example/localhost.crt" SSLCertificateKeyFile "C:/example/localhost.key" ## Trust the local CA At this point, the site would load with a warning about self-signed certificates. In order to get a green lock, the local CA has to be added to trusted CA. ### Windows 10: Chrome, IE11 & Edge Windows 10 recognizes `.crt` files, so you can right-click on `RootCA.crt` > `Install` to open the import dialog. Make sure to select "Trusted Root Certification Authorities" and confirm. You should now get a green lock in Chrome, IE11 and Edge. ### Windows 10: Firefox There are two ways to get the CA trusted in Firefox. The simplest is to make Firefox use the Windows trusted Root CAs by going to `about:config`, and setting `security.enterprise_roots.enabled` to `true`. The other way is to import the certificate by going to `about:preferences#privacy` > `Certificats` > `Import` > `RootCA.pem` > `Confirm for websites`.