If you’re a developer working on local virtual hosts hosted on your computer, you might need to set up HTTPS certificates for these domains to ensure secure connections.
This tutorial will guide you through the process of generating HTTPS certificates for localhost domains.
Please note that these certificates are intended for development purposes only. Do not use self-signed certificates in production! For online certificates, you should use Let’s Encrypt.
Certificate Authority (CA)
Before we dive into generating the certificates for your local domains, we need to create a Certificate Authority (CA) to sign these certificates. Here’s how you can do it:
- Open a terminal or command prompt.
- Execute the following command to generate the
openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA" openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
Please note that
Example-Root-CA in the command above is just an example name, and you can customize it to your preference.
Domain Name Certificate
Once we have our CA ready, let’s proceed to create the domain-specific certificates for our local virtual hosts.
Assume you have two domains,
fake2.local, hosted on your local machine for development, and you’ve already pointed them to
127.0.0.1 using the
- Create a new file named
domains.extand list all your local domains in it:
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage=digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName=@alt_names[alt_names] DNS.1=localhost DNS.2=fake1.local DNS.3=fake2.local
- Now, generate the certificates for your local domains with the following commands:
openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost.local" openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
Feel free to customize the country, state, city, and name in the first command according to your preferences.
Configure Your Webserver
With the certificates generated, it’s time to configure your web server to use them. For example, if you’re using Apache, you can follow these steps:
- Open your Apache configuration file (e.g.,
- Add the following lines to enable SSL and point to your certificates:
SSLEngine on SSLCertificateFile "/path/to/localhost.crt" SSLCertificateKeyFile "/path/to/localhost.key"
/path/to/localhost.key with the actual paths to your certificate and private key files.
Trust the Local CA
After configuring your web server, you might encounter a warning about self-signed certificates when accessing your local sites.
To resolve this and get the green lock in your browser, you need to add your newly created local CA to the trusted Root Certificate Authorities.
Here’s how to do it on Windows 10 for popular browsers:
Windows 10: Chrome, Internet Explorer 11, and Microsoft Edge
- Windows 10 recognizes
.crtfiles, so you can right-click on
Install, and follow the import dialog.
- Make sure to select “Trusted Root Certification Authorities” and confirm.
After importing the certificate, you should see the green lock in Chrome, Internet Explorer 11, and Microsoft Edge.
Windows 10: Firefox
There are two ways to get the CA trusted in Firefox.
- The simplest method is to make Firefox use the Windows trusted Root CAs by going to
about:configin your address bar, and setting
- Alternatively, you can import the certificate manually by navigating to
Import, and choosing
RootCA.pem. Then, confirm that you want to use this certificate for websites.
Once you’ve completed these steps, your local sites should load without any certificate warnings, and you can safely test and develop with HTTPS enabled.
Remember, the certificates generated through this tutorial are for development purposes only. For production use, make sure to obtain proper certificates from trusted authorities. Happy coding!