Ubuntu SSL For Local Development
NOTE: For now, this is just a reference for myself. Having said that, most of the instructions in this article will probably work for you if you’re running Ubuntu.
Generate a private key
Navigate to a certificates directory *(e.g. ~/certificates)* and run the following
openssl genrsa -des3 -out mysite-authority.key 2048
Generate a root certificate using the key we just created
Run the following, enter the password used when generating the private key, then enter the certificate authority details
sudo openssl req -x509 -new -nodes -key mysite-authority.key -sha256 -days 1825 -out mysite-authority.pem
Install the certificate on devices that will view this site (Ubuntu)
Copy your certificate in PEM format (the format that has -----BEGIN CERTIFICATE----- in it) into /usr/local/share/ca-certificates and name it with a .crt file extension.
sudo cp mysite-authority.pem /usr/local/share/ca-certificates/mysite-authority.pem.crt
and update Certificate Authority Certificates…
For Ubuntu systems
sudo update-ca-certificates
For Firefox
sudo dpkg-reconfigure ca-certificates
For Chrome
Find your certificate authority (ends in .pem)
Creating a Certificate, Signed By The Certificate Authority
First, create a private key
openssl genrsa -out api.mysite.test.key 2048
Then, a CSR (Certificate Signing Request)
sudo openssl req -new -key api.mysite.test.key -out api.mysite.test.csr
Now create a config file (e.g. **api.mysite.test.ext**) that will be used to generate the certificate
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = api.mysite.test
DNS.2 = localhost
# IP addresses need an IP entry; clients do not match them against DNS entries
IP.1 = 127.0.0.1
And run the following command to create the certificate.
NOTE: In the following command, we’re creating a certificate that’s signed by the certificate authority.
Any certificate signed by this certificate authority is trusted automatically on devices where the authority is installed, so the certificate itself doesn’t need to be installed! This is great news, because it means once the certificate authority has been installed, you can jump to “Creating a Certificate, Signed By The Certificate Authority” on this page, follow the steps, and you’ll have a certificate that just works!
openssl x509 -req -in api.mysite.test.csr -CA mysite-authority.pem -CAkey mysite-authority.key -CAcreateserial -out api.mysite.test.crt -days 1825 -sha256 -extfile api.mysite.test.ext
Restart nginx (for my own records, not required 😉)
sudo /etc/init.d/nginx restart
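
The signing procedure above can be checked end to end with `openssl verify`. The script below is an added example, not the author's: it builds a throwaway CA and leaf in a temp directory and shows that 127.0.0.1 is only accepted when it is listed as an `IP` entry in `[alt_names]`. The function names, subject names and unencrypted CA key are assumptions so it runs without prompts.

```sh
#!/bin/sh
# Added example. Names build_leaf/trusts/report, the subjects, and the
# unencrypted throwaway CA key are assumptions so nothing prompts for input.

# build_leaf DIR SAN_LINE: create a CA and a leaf signed by it inside DIR.
build_leaf() {
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/ca.key" -sha256 -days 1 \
    -subj "/CN=Example Local Dev CA" -out "$1/ca.pem"
  openssl genrsa -out "$1/leaf.key" 2048 2>/dev/null
  openssl req -new -key "$1/leaf.key" -subj "/CN=api.mysite.test" \
    -out "$1/leaf.csr"
  # The extension file from this page; only the 127.0.0.1 entry ($2) varies.
  printf '%s\n' \
    'authorityKeyIdentifier=keyid,issuer' \
    'basicConstraints=CA:FALSE' \
    'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
    'subjectAltName = @alt_names' \
    '[alt_names]' \
    'DNS.1 = api.mysite.test' \
    'DNS.2 = localhost' \
    "$2" > "$1/leaf.ext"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -out "$1/leaf.crt" -days 1 -sha256 \
    -extfile "$1/leaf.ext" 2>/dev/null
}

# trusts DIR OPTION NAME: succeed only if the leaf chains to the CA in DIR
# and matches NAME. OPTION is -verify_hostname or -verify_ip.
trusts() {
  openssl verify -CAfile "$1/ca.pem" "$2" "$3" "$1/leaf.crt" >/dev/null 2>&1
}

report() {
  if trusts "$1" "$2" "$3"; then echo "  $3: trusted"; else echo "  $3: REJECTED"; fi
}

# Compare the two ways of listing 127.0.0.1 in [alt_names].
for san in 'IP.1 = 127.0.0.1' 'DNS.3 = 127.0.0.1'; do
  dir=$(mktemp -d)
  build_leaf "$dir" "$san"
  echo "alt_names entry: $san"
  report "$dir" -verify_hostname api.mysite.test
  report "$dir" -verify_ip 127.0.0.1
  rm -rf "$dir"
done
```

Running the same `openssl verify` command against your real `mysite-authority.pem` and `api.mysite.test.crt` is a quick check before pointing nginx at the new certificate.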