This tool generates self-signed SSL certificates which can be used for local development environments. You can easily cover any local subdomains with this certificate.
We suggest using *.localhost
domains for local development. As they are resolved to your local machine by default and don't require any additional records in local hosts
file.
- You need to have installed OpenSSL to be able to generate self-signed SSL certificates.
Basic usage is straightforward and you need to follow 3 simple steps.
Lets say you are working on myproject
project, so command to generate local SSL certificate will be the following:
$ ./generate.sh myproject
...
New SSL certificate was generated:
- Certificate: /var/www/selfsigned-ssl-certificates/ssl/myproject.crt
- Key: /var/www/selfsigned-ssl-certificates/ssl/myproject.key
DNS Names:
- myproject.localhost
- *.myproject.localhost
Please note, you can generate an SSL certificate for any custom subdomains. Please have a look at examples.
Example for nginx
:
server {
listen 443 ssl;
ssl_certificate /var/www/selfsigned-ssl-certificates/ssl/myproject.crt;
ssl_certificate_key /var/www/selfsigned-ssl-certificates/ssl/myproject.key;
...
}
and Apache
:
<VirtualHost *:443>
...
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /var/www/selfsigned-ssl-certificates/ssl/myproject.crt
SSLCertificateKeyFile /var/www/selfsigned-ssl-certificates/ssl/myproject.key
</IfModule>
</VirtualHost>
If you are running OS X, you should open "Keychain Access" by running the following command from terminal:
open /Applications/Utilities/Keychain\ Access.app /var/www/selfsigned-ssl-certificates/ssl/myproject.crt
And then follow these steps:
- Select "Certificates" category
- Open generated certificate details
- Extend "Trust" tab
- Updated "When using this certificate" to "Always Trust"
If you are running UNIX, you should:
- Copy generated certificate to
/usr/local/share/ca-certificates
:sudo cp /var/www/selfsigned-ssl-certificates/ssl/myproject.crt /usr/local/share/ca-certificates/
- Update local certificates:
sudo update-ca-certificates
Alternatively you can whitelist certificate in your browser. If you are using Chrome just open chrome://flags/#allow-insecure-localhost and enable highlighted "Allow invalid certificates for resources loaded from localhost" setting.
Now just open https://myproject.localhost/ and enjoy free self-signed SSL certificate.
- Generate SSL certificate for
contextualcode
project without any additional sub domains:$ ./generate.sh contextualcode ... New SSL certificate was generated: - Certificate: /var/www/selfsigned-ssl-certificates/ssl/contextualcode.crt - Key: /var/www/selfsigned-ssl-certificates/ssl/contextualcode.key DNS Names: - contextualcode.localhost - *.contextualcode.localhost
- Generate SSL certificate for
website
project with additionalen.admin
andfr.admin
sub domains:$ ./generate.sh website 'en.admin,fr.admin' ... New SSL certificate was generated: - Certificate: /var/www/selfsigned-ssl-certificates/ssl/website.crt - Key: /var/www/selfsigned-ssl-certificates/ssl/website.key DNS Names: - website.localhost - *.website.localhost - en.admin.website.localhost - fr.admin.website.localhost