The latest articles on DEV Community by Mark Marus (@cvltyxd). https://dev.to/cvltyxd https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F832561%2Fb4beb8ff-714a-4065-b409-57ca1e07b268.jpeg https://dev.to/cvltyxd en Mark Marus Sat, 05 Nov 2022 13:18:13 +0000 https://dev.to/cvltyxd/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it-2blo https://dev.to/cvltyxd/creating-a-self-signed-ssl-certificate-and-making-your-browser-trust-it-2blo <p>So i needed to make localhost with ssl certificate but couldn't find a way to create a certificate. After a few hours i found the solution. So first of all:<br> 1) <code>openssl genrsa -out rootCA.key 2048</code><br> 2) <code>openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem</code><br> After those 2 commands you should get 2 files (rootCA.key &amp; rootCA.pem<br> 3) Now let's create a bash script. I'll name it create_certificate_for_domain.sh<br> to begin type this lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>if [ -z "$1" ] then echo "Please supply a subdomain to create a certificate for"; echo "e.g. mysite.localhost" exit; fi if [ -f device.key ]; then KEY_OPT="-key" else KEY_OPT="-keyout" fi DOMAIN=$1 COMMON_NAME=${2:-$1} SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME" NUM_OF_DAYS=999 cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g &gt; /tmp/__v3.ext openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext mv device.csr $DOMAIN.csr cp device.crt $DOMAIN.crt rm -f device.crt; </code></pre> </div> <p>4) create csr file <br> openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr<br> 5) now we have to create a support file with settings. I'll call it v3.ext<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = %%DOMAIN%% DNS.2 = *.%%DOMAIN%% </code></pre> </div> <p>5) Now run the script<br> <code>./create_certificate_for_domain.sh mysite.localhost</code><br> 6) We get 2 files: <strong>mysite.localhost.crt</strong> &amp;&amp; <strong>device.key</strong><br> 7) We have to link them to our localhost (nginx example)</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fspwgj4nmjjj3p42r7p9e.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fspwgj4nmjjj3p42r7p9e.png" alt="Image description"></a><br> 8)open our link in browser. you should get security error<br> 9) go into keychain and trust our mysite.localhost.crt</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa0ue86puafa0w4b1dj9s.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa0ue86puafa0w4b1dj9s.png" alt="Image description"></a></p> <p>10) open the browser again and open localhost. That's it, you should be good to go!</p>