Secure HTTPS ( Locally )

Almost every website you visited today is protected by HTTPS. If your site isn’t, then it should be. When you work locally it is not necessary to use HTTPS but is a good practice from my own experience, and using a secure HTTPS locally is as awesome as it gets.

The reason why I like to use HTTPS is that it doesn’t give you that annoying ( not secure ) in the browser address bar.

Generating a Root SSL Certificate is very simple, overall there are different ways to do so. When you generate a new RSA, these certificates when generated will ask you to for a passphrase or a password, this allows other domain certificates to be used but the problem with this is, you will need to enter the password for security reasons, but in local development, there is no reason to use a password for your local environment. I will be showing you how to generate a root certificate without a password.

ROOT Certificate

openssl genrsa -out "/srv/certificates/ca/ca.key" 4096
openssl req -x509 -new -nodes -key "/srv/certificates/ca/ca.key" -sha256 -days 3650 -out "/srv/certificates/ca/ca.crt" -subj "/CN=Local Internal CA"

As you can see, the certificate itself is locted at /srv/, but make sure that you changed ownership to whatever user you are currently using by doing the following

sudo chown -R user:user /srv/

The -R represented reclusive this allows user to inherit whatever folder/files inside of /srv/

Domain Certificate

 openssl genrsa -out "/srv/certificates/${domain}/${domain}.key" 4096
openssl req -new -key "/srv/certificates/${domain}/${domain}.key" -out "/srv/certificates/${domain}/${domain}.csr" -subj "/CN=*.${domain}.test"\
openssl x509 -req -in "/srv/certificates/${domain}/${domain}.csr" -CA "/srv/certificates/ca/ca.crt" -CAkey "/srv/certificates/ca/ca.key" -CAcreateserial -out "/srv/certificates/${domain}/${domain}.crt" -days 3650 -sha256 -extfile "/srv/certificates/${domain}/${domain}.ext"

Leave a Reply

Your email address will not be published. Required fields are marked *