SSL For local environment

ordavidil edited this page Dec 24, 2015 · 4 revisions

Local SSL websites

Ubuntu

Just follow this: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

OSX

(Adapted from jonathantneal's gist)

Create an SSL directory.

sudo mkdir /etc/apache2/ssl

Generate two host keys, decrypting the latter.

sudo openssl genrsa -out /etc/apache2/server.key 2048
sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048
sudo openssl rsa -in /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.key.rsa

Save the following as /etc/apache2/ssl/localhost.conf (add your local hosts as DNS.n = [host] under [alt_names]):

[req]
# Only used when openssl generates the key itself; kept in line with the 2048-bit keys above
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = myhost.local

Generate Certificate Requests using the OpenSSL Configuration, optionally replacing the defaults.

sudo openssl req -new -key /etc/apache2/server.key -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out /etc/apache2/server.csr
sudo openssl req -new -key /etc/apache2/ssl/localhost.key.rsa -subj "/C=US/ST=California/L=Orange/O=IndieWebCamp/CN=localhost/" -out /etc/apache2/ssl/localhost.csr -config /etc/apache2/ssl/localhost.conf

Use the Certificate Requests to sign the SSL Certificates with extensions.

sudo openssl x509 -req -days 365 -in /etc/apache2/server.csr -signkey /etc/apache2/server.key -out /etc/apache2/server.crt
sudo openssl x509 -req -extensions v3_req -days 365 -in /etc/apache2/ssl/localhost.csr -signkey /etc/apache2/ssl/localhost.key.rsa -out /etc/apache2/ssl/localhost.crt -extfile /etc/apache2/ssl/localhost.conf

Add the latter SSL Certificate to Keychain Access.

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt
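
A check worth running before a certificate is trusted system-wide: the script below (an added example, not part of the original wiki or the gist it adapts) repeats the localhost key, request and signing steps in a scratch directory without sudo, then confirms that every host name landed in subjectAltName and that the private key matches the certificate. The function names and the scratch-directory layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original wiki page. Runs in a scratch directory,
# no sudo; host names passed in are constructed sample values.

# make_local_cert DIR HOST...  writes DIR/localhost.{conf,key,csr,crt}
make_local_cert() (
    dir=$1; shift
    umask 077   # key file readable by its owner only
    {
        printf '%s\n' '[req]' 'distinguished_name = req_distinguished_name' \
            'req_extensions = v3_req' '' '[req_distinguished_name]' '' \
            '[v3_req]' 'basicConstraints = CA:FALSE' \
            'keyUsage = nonRepudiation, digitalSignature, keyEncipherment' \
            'subjectAltName = @alt_names' '' '[alt_names]'
        n=1
        for host in "$@"; do
            printf 'DNS.%d = %s\n' "$n" "$host"; n=$((n + 1))
        done
    } > "$dir/localhost.conf"
    openssl genrsa -out "$dir/localhost.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/localhost.key" -subj "/CN=$1" \
        -config "$dir/localhost.conf" -out "$dir/localhost.csr" &&
    openssl x509 -req -extensions v3_req -days 365 \
        -extfile "$dir/localhost.conf" -in "$dir/localhost.csr" \
        -signkey "$dir/localhost.key" -out "$dir/localhost.crt" 2>/dev/null
)

# cert_has_san CRT HOST  succeeds only on an exact DNS subjectAltName match
cert_has_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# key_matches_cert KEY CRT  succeeds when both carry the same RSA modulus
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) &&
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) &&
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo in a throwaway directory
tmp=$(mktemp -d)
make_local_cert "$tmp" localhost myhost.local &&
    cert_has_san "$tmp/localhost.crt" myhost.local &&
    key_matches_cert "$tmp/localhost.key" "$tmp/localhost.crt" &&
    echo "OK: SAN present and key matches certificate"
rm -rf "$tmp"
```

The two check functions can also be pointed at /etc/apache2/ssl/localhost.key and /etc/apache2/ssl/localhost.crt, which is the pair the virtual host loads.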

Setting up an https Virtual Host

Edit the Apache Configuration /etc/apache2/httpd.conf

Uncomment lines ~89 and ~143 to enable modules required by HTTPS.

LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache2/mod_ssl.so

Uncomment line ~516 to enable Trusted Virtual Hosts.

Include /private/etc/apache2/extra/httpd-ssl.conf

Add 443 virtual host settings, either to the vhosts file: /etc/apache2/extra/httpd-vhosts.conf, or to your user's apache settings file: /etc/apache2/users/itamar.conf.

Add a 443 directive (change VirtualDocumentRoot according to your sites' path; %1 would be myhost if the host is myhost.local).

<VirtualHost *:443>
    VirtualDocumentRoot /Users/itamar/Sites/%1/www

    SSLEngine on
    # Restrict to strong suites: no anonymous, null, MD5, RC4 or 3DES ciphers
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
</VirtualHost>

Restart Apache.

sudo apachectl restart