This article will walk you through how to generate a self-signed SSL certificate locally on macOS.
Step 1: Make sure you have openssl installed.
Step 2: Create an ssl folder at /var/www/webconsol/ssl (this can be anywhere, but we just like to have it outside of the /etc/apache2 folder)
Step 3: Launch your Terminal command prompt, and type in:
- Generate host keys:
sudo openssl genrsa -out /var/www/webconsol/ssl/localhost.key 2048
sudo openssl rsa -in /var/www/webconsol/ssl/localhost.key -out /var/www/webconsol/ssl/localhost.key.rsa
- Create a configuration file using Terminal.app:
sudo vim /var/www/webconsol/ssl/localhost.conf and add the following configuration:
[req]
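# default_bits only applies when openssl req generates the key itself; kept in line with the 2048-bit key from genrsa
default_bits = 2048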
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = *.localhost
- Generate the required Certificate Requests using Terminal.app:
sudo openssl req -new -key /var/www/webconsol/ssl/localhost.key.rsa -subj "/C=/ST=/L=/O=/CN=localhost/" -out /var/www/webconsol/ssl/localhost.csr -config /var/www/webconsol/ssl/localhost.conf
Note: Complete the values C= ST= L= O= CN= to reflect your own organizational structure, where:
C= eq. Country: The two-letter ISO abbreviation for your country.
ST= eq. State or Province: The state or province where your organization is legally located.
L= eq. City or Locality: The city where your organization is legally located.
O= eq. Organization: The exact legal name of your organization.
CN= eq. Common Name: The fully qualified domain name for your web server.
- Use the Certificate Requests to sign the SSL Certificates using Terminal.app:
sudo openssl x509 -req -extensions v3_req -days 365 -in /var/www/webconsol/ssl/localhost.csr -signkey /var/www/webconsol/ssl/localhost.key.rsa -out /var/www/webconsol/ssl/localhost.crt -extfile /var/www/webconsol/ssl/localhost.conf
- Add the SSL Certificate to Keychain Access:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /var/www/webconsol/ssl/localhost.crt
Recap: at the end, you should have the following files:
- localhost.conf
- localhost.crt
- localhost.csr
- localhost.key
- localhost.key.rsa
NOTE:
localhost can be replaced with another hostname, for example "localhost-aem-publish.webconsol.com"; if it's NOT localhost, make sure to have a virtual host configured for it.
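Before the certificate is trusted in Keychain Access, it is worth confirming that it carries the expected subjectAltName entries, is marked CA:FALSE, and belongs to the private key. The script below is an added example, not part of the original article: it repeats the steps above in a scratch directory from mktemp (no sudo, nothing written under /var/www) and then runs those three checks. The function names make_cert, cert_has_san, cert_is_leaf and cert_matches_key are hypothetical helpers, and -subj "/CN=localhost" is a simplification of the subject line used above.

```shell
# Added example. Scratch paths, the -subj value and all function names are assumptions.
# make_cert DIR: the article's steps, with DIR replacing /var/www/webconsol/ssl.
# default_bits is left out of the config: it is unused when -key is supplied.
make_cert() {
    cat > "$1/localhost.conf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = *.localhost
EOF
    openssl genrsa -out "$1/localhost.key" 2048 2>/dev/null &&
    openssl rsa -in "$1/localhost.key" -out "$1/localhost.key.rsa" 2>/dev/null &&
    openssl req -new -key "$1/localhost.key.rsa" -subj "/CN=localhost" \
        -out "$1/localhost.csr" -config "$1/localhost.conf" &&
    openssl x509 -req -extensions v3_req -days 365 -in "$1/localhost.csr" \
        -signkey "$1/localhost.key.rsa" -out "$1/localhost.crt" \
        -extfile "$1/localhost.conf" 2>/dev/null
}

# cert_has_san CERT NAME: succeeds only if NAME is a DNS entry in subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# cert_is_leaf CERT: succeeds only if basicConstraints carries CA:FALSE.
cert_is_leaf() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:FALSE'
}

# cert_matches_key CERT KEY: succeeds only if both hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

workdir=$(mktemp -d)   # scratch directory instead of /var/www/webconsol/ssl
if make_cert "$workdir" && cert_is_leaf "$workdir/localhost.crt" &&
   cert_has_san "$workdir/localhost.crt" "*.localhost" &&
   cert_matches_key "$workdir/localhost.crt" "$workdir/localhost.key.rsa"
then echo "certificate checks passed"; else echo "certificate checks FAILED"; fi
rm -rf "$workdir"   # the scratch private key is not needed afterwards
```

The same three check functions can be pointed at /var/www/webconsol/ssl/localhost.crt and localhost.key.rsa before running the add-trusted-cert step.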