ini MacOS Sierra和Chrome上的自签名SSL证书

Posted 2021-05-24

1. Place attached `.conf` file in a directory on your computer that will never change i.e. Documents.

2. In the `.conf` file, switch out `custom.dev` with your development URL.

3. Change name of `.conf` file to the name of your dev URL. i.e. testsite.test

4. From the folder where the `.conf` file is located run the following command in the terminal, replacing `{custom.dev}` with the `.conf` file's name.  
  `openssl req -config {custom.dev}.conf -new -sha256 -newkey rsa:2048 -nodes -keyout {custom.dev}.key -x509 -days 1825 -out {custom.dev}.crt`

  If I were using `testsite.test`, it would be as follows  
  `openssl req -config testsite.test.conf -new -sha256 -newkey rsa:2048 -nodes -keyout testsite.test.key -x509 -days 1825 -out testsite.test.crt`
  
  This will create the files needed for our certificate

5. In MAMP Pro, point local host domain to the files genrated by the previous terminal command:
![MAMP](https://user-images.githubusercontent.com/18709288/32072628-77bac4ce-ba50-11e7-84a9-4a759ba255ab.png)

6. Open your dev site URL with the HTTPS protocal. i.e. https://testsite.test
You will notice site it still not secured, click `advanced` and `proceed`. 

7. Open Chrome Dev Tools and navigate to the security tab. Click on `View certificate`. 
Click and drag the icon of the certificate to your desktop. 
![cert](https://user-images.githubusercontent.com/18709288/32073124-356930ea-ba52-11e7-8aa6-9bf89a980e84.gif)

8. Open the Keychain Access app. Drag the certificate you downloaded to your desktop into the `System` keychain.

9. In Keychain Access, double click the new certificate and change the trust options to `Always Trust`. You will be prompted to enter computer password after closing dialog box

10. Quit and Restart Chrome, then navigate to your URL.

[ req ]

default_bits        = 2048
default_keyfile     = server-key.pem
distinguished_name  = subject
req_extensions      = req_ext
x509_extensions     = x509_ext
string_mask         = utf8only

[ subject ]

countryName                 = Country Name (2 letter code)
countryName_default         = US

stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = NY

localityName                = Locality Name (eg, city)
localityName_default        = New York

organizationName            = Organization Name (eg, company)
organizationName_default    = Custom

commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_default          = custom.dev

emailAddress                = Email Address
emailAddress_default        = test@test.com

[ x509_ext ]

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer

basicConstraints       = CA:FALSE
keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = @alternate_names
nsComment              = "OpenSSL Generated Certificate"

[ req_ext ]

subjectKeyIdentifier = hash

basicConstraints     = CA:FALSE
keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names
nsComment            = "OpenSSL Generated Certificate"

[ alternate_names ]

DNS.1 = custom.dev