text 生成ssl证书

Posted 2021-05-02

[ req ]

default_bits        = 2048
default_keyfile     = server-key.pem
distinguished_name  = subject
req_extensions      = req_ext
x509_extensions     = x509_ext
string_mask         = utf8only

[ subject ]

countryName                 = Country Name (2 letter code)
countryName_default         = US

stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = NY

localityName                = Locality Name (eg, city)
localityName_default        = New York

organizationName            = Organization Name (eg, company)
organizationName_default    = Custom

commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_default          = custom.dev

emailAddress                = Email Address
emailAddress_default        = test@test.com

[ x509_ext ]

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer

basicConstraints       = CA:FALSE
keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = @alternate_names
nsComment              = "OpenSSL Generated Certificate"

[ req_ext ]

subjectKeyIdentifier = hash

basicConstraints     = CA:FALSE
keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names
nsComment            = "OpenSSL Generated Certificate"

[ alternate_names ]

DNS.1 = custom.dev

Place attached .conf file in a directory on your computer that will never change i.e. Documents.

In the .conf file, switch out custom.dev with your development URL.

Change name of .conf file to the name of your dev URL. i.e. testsite.test

From the folder where the .conf file is located run the following command in the terminal, replacing {custom.dev} with the .conf file's name.
openssl req -config {custom.dev}.conf -new -sha256 -newkey rsa:2048 -nodes -keyout {custom.dev}.key -x509 -days 1825 -out {custom.dev}.crt

If I were using testsite.test, it would be as follows
openssl req -config testsite.test.conf -new -sha256 -newkey rsa:2048 -nodes -keyout testsite.test.key -x509 -days 1825 -out testsite.test.crt

This will create the files needed for our certificate

In MAMP Pro, point local host domain to the files genrated by the previous terminal command: MAMP

Open your dev site URL with the HTTPS protocal. i.e. https://testsite.test You will notice site it still not secured, click advanced and proceed.

Open Chrome Dev Tools and navigate to the security tab. Click on View certificate. Click and drag the icon of the certificate to your desktop. cert

Open the Keychain Access app. Drag the certificate you downloaded to your desktop into the System keychain.

In Keychain Access, double click the new certificate and change the trust options to Always Trust. You will be prompted to enter computer password after closing dialog box

Quit and Restart Chrome, then navigate to your URL.