Installing self-signed SSL certificates for development
This will generate a set of self-signed keys for a dev site. I'm using "blog" as the name for the keys, and the address of the site is
openssl req -x509 -out blog.crt -keyout blog.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=blog.testsite' -extensions EXT -config <( printf "[dn]\nCN=blog.testsite\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:blog.testsite\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
Copy these into
/etc/ssl/certs/ (crt) and
/etc/ssl/private/ (key) and update the apache config to use these.
This will still show an error in the browser unless you install them into your internet settings. On Windows 7 select
Place certificates into the following store, tick the
Show physical stores checkbox, scroll back up to
Trusted root authorities and drop it into
Local Computer. Reload your browser and that site is now trusted!
Update: or use a wildcard certificate from Let's Encrypt and internal DNS. Wasn't an option at the time.