33

I am currently doing local development on a webproject using a LAMP stack. Since my production application will be using https for login, I'd like to be able to mimic this in my local dev environment so that all the url's remain consistent. I am new to ssl certificates so could anyone please point me to some reference on how to do this? Would I need to sign my own certificate? Where do I put the certificate (I have virtualhost configurations using apache)? Thanks.

oym
  • 6,983
  • 16
  • 62
  • 88
  • Note to self: not all cert-related errors are best solved with a cert. This question seems to justify creating one, but in some situations there are simpler alternatives. Most times with local dev, switching from https to http may be suitable. Listing criteria for this decision may be useful. – Kay V May 01 '22 at 11:39

6 Answers6

35

I'm new here but go to this site and the information there

Creating a self signed Certificate

Nick Rolando
  • 25,879
  • 13
  • 79
  • 119
bschuster
  • 384
  • 2
  • 5
  • Yup, this is the walkthrough I used to create a self-signed when I was setting up SSL –  Jul 30 '09 at 11:37
  • That's a very nice step-by-step guide. But even after doing it all, my browser keeps complaining about safety. I'm using Chrome Version 50.0.2661.86 (64-bit). Even after setting all up with apache, it still shows the "Privacy Error - Your connection is not private - Attackers might be trying to steal your information from mysite.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID". What should I do? – Alexandre Schmidt Apr 28 '16 at 23:51
  • 2
    Your browser complains because your certificate is self-signed (signed by your computer, not by a Root certificate authority) and that's invalid. – Szántó Zoltán Oct 18 '16 at 08:37
1

You can use Java's keystore to generate a self-signed certificate for local development.

duffymo
  • 305,152
  • 44
  • 369
  • 561
1

You are best off making a self signed certificate and adding it to whatever machine you use for testing. It should then appear "real" to the client... of course, it is real... just not by a "trusted" place. (quote marks because I swear it is all about money!)

I just found this page that should step you through it

http://www.perturb.org/display/entry/754/

Wil
  • 10,234
  • 12
  • 54
  • 81
  • 3
    I agree with your quotes: the cert verifies that your traffic isn't going to be intercepted - which is the primary thing the vast majority of users care about. By conflating it with "and this is really XYZ's web site" and convincing the buying public that it isn't "secure" unless it is from a "trusted source", the people at Verisign and the major browser makers have set up an easy profit opportunity. The latest racket is "Extended Validation" SSLs - it just breathes greed in and exhales dishonesty out. – Mark Brittingham Jul 30 '09 at 00:37
1

I think the way to go in 2020 is probably to use some command line tools like

All the tools are wrappers arround some openssl command or other lib to generate certificates.

HugoPoi
  • 419
  • 4
  • 7
  • for what it's worth, letsencrypt.org has a blog post suggesting `minica`, as well as providing an openssl command for creating a self-signed cert: https://letsencrypt.org/docs/certificates-for-localhost/ – Kay V May 01 '22 at 00:10
0

My favorite is Ralf's documentation for apache modssl. This page explains how to make a test cert. It's the one I always go to when I need to make one.

http://www.modssl.org/docs/2.8/ssl_faq.html

lumpynose
  • 967
  • 4
  • 12
0

Obviously since you're using Java and Apache this isn't going to be much good but anyhow, if you also do any .Net development you'll have these tools available and maybe this can help you on your way and actually generate the certificate. I use makecert which is available in the .Net SDK, here's the batch file I use for creating my own SSL certificates for local .Net development and IIS;

@ECHO OFF
REM 
REM This script will create a certificate to enable HTTPS for the localhost in IIS
REM Complete the following steps to install the certificate
REM
REM 1.  Run this file to create the certificate 
REM 2.  Open MMC.exe
REM 3.  Click File > Add/Remove Snap In > Add and select 'Certificates'
REM 4.  Select 'Computer Account'
REM 5.  Select 'Local Computer' and click 'Finish', 'Close', 'OK'
REM 6.  Expand Certificates > Personal > Certificates, the new certificate should be listed
REM 7.  In IIS open the Properties of the Default Web Site
REM 8.  Select 'Directory Security' tab and click 'Server Certificate'
REM 9.  The Certificate Wizard will open, choose 'Assign Existing Certificate'   [may     need to cancel a pending certificate request]
REM 10. Select new certificate from list and accept change
REM 11. Ensure that the site is using the default port for SSL 443
REM

C:
CD \
CALL "C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\sdkvars.bat"
ECHO Creating Certificate
makecert -r -pe -n "CN=localhost" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
PAUSE

Change the "CN=localhost" if you use another host header to acces the site, you'll maybe need to change the path in the CALL statement depending on which version of Visual Studio you have.

Dave Anderson
  • 11,836
  • 3
  • 58
  • 79