Self signed certs

Installing self-signed SSL certificates for development
This will generate a set of self-signed keys for a dev site. I'm using "blog" as the name for the keys, and the address of the site is blog.testsite
openssl req -x509 -out blog.crt -keyout blog.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=blog.testsite' -extensions EXT -config <( printf "[dn]\nCN=blog.testsite\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:blog.testsite\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
Copy these into /etc/ssl/certs/
(crt) and /etc/ssl/private/
(key) and update the apache config to use these.
This will still show an error in the browser unless you install them into your internet settings. On Windows 7 select Place certificates into the following store
, tick the Show physical stores
checkbox, scroll back up to Trusted root authorities
and drop it into Local Computer
. Reload your browser and that site is now trusted!
Update: or use a wildcard certificate from Let's Encrypt and internal DNS. Wasn't an option at the time.