Self signed certs

Published, updated by Richard Goodwin. Filed under Quickies

Installing self-signed SSL certificates for development

The command below generates a self-signed certificate and private key for a dev site. I'm using "blog" as the name for the files, and the address of the site is blog.testsite.

openssl req -x509 -out blog.crt -keyout blog.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=blog.testsite' -extensions EXT -config <( printf "[dn]\nCN=blog.testsite\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:blog.testsite\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Copy the certificate (blog.crt) into /etc/ssl/certs/ and the key (blog.key) into /etc/ssl/private/, then update the Apache config to use them.

The browser will still show an error unless you install the certificate into your internet settings. On Windows 7 select Place certificates into the following store, tick the Show physical stores checkbox, scroll back up to Trusted root authorities and drop it into Local Computer. Reload your browser and that site is now trusted!
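A quick sanity check of the pair before it goes into Apache and the trust store, as an added example that is not part of the original post: it confirms the SAN, the serverAuth usage, that the key belongs to the certificate, that it hasn't expired, and that the unencrypted key is readable only by its owner. The function names and the req.cnf file are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. blog.crt/blog.key follow the
# post; the function names and req.cnf are made up for this example.

# make_dev_cert DIR HOST: the post's openssl command, with the config written
# to a file instead of bash's <( ) so it also runs under plain sh.
make_dev_cert() {
  cat > "$1/req.cnf" <<EOF
[dn]
CN=$2
[req]
distinguished_name = dn
[EXT]
subjectAltName=DNS:$2
keyUsage=digitalSignature
extendedKeyUsage=serverAuth
EOF
  openssl req -x509 -out "$1/blog.crt" -keyout "$1/blog.key" \
    -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
    -extensions EXT -config "$1/req.cnf" 2>/dev/null || return 1
  chmod 600 "$1/blog.key"   # -nodes means the key is stored unencrypted
}

# check_dev_cert CRT KEY HOST: returns 0 only if every check passes.
check_dev_cert() {
  rc=0
  text=$(openssl x509 -in "$1" -noout -text) || return 1
  # Browsers match the hostname against subjectAltName, not the CN.
  printf '%s\n' "$text" | grep -Fq "DNS:$3" || { echo "SAN lacks $3"; rc=1; }
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
    { echo "missing serverAuth EKU"; rc=1; }
  # Certificate and key must carry the same public key.
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ] ||
    { echo "key does not match certificate"; rc=1; }
  # No -days was given, so openssl's default lifetime (30 days) applies.
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
    { echo "certificate expired"; rc=1; }
  # Group/other permission bits on the key must all be clear.
  [ "$(ls -l "$2" | cut -c5-10)" = "------" ] ||
    { echo "key readable beyond owner"; rc=1; }
  return "$rc"
}
```

Source the file and run check_dev_cert blog.crt blog.key blog.testsite; it prints one line per failed check and returns non-zero if any failed.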

Update: or use a wildcard certificate from Let's Encrypt and internal DNS. That wasn't an option at the time.