SSL Certificate
Created on:
Wednesday, October 10, 2018

How to generate Self-Signed SSL Certificate locally for MacOS

This article will walk you through how to generate self-signed SSL certificate, locally, for MacOS.

Step 1: Make sure you have openssl installed.

Step 2: Add ssl folder /var/www/webconsol/ssl (this can be anyway, but we just like to have it outside of /etc/apache2 folder)

Step 3: Launch your Terminal command prompt, and type in:

  • Generate host keys:

    sudo openssl genrsa -out /var/www/webconsol/ssl/localhost.key 2048
    sudo openssl rsa -in /var/www/webconsol/ssl/localhost.key -out /var/www/webconsol/ssl/localhost.key.rsa
  • Create a configuration file using

    sudo vim /var/www/webconsol/ssl/localhost.conf and add the following configuration

    default_bits = 1024
    distinguished_name = req_distinguished_name
    req_extensions = v3_req


    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectAltName = @alt_names

    DNS.1 = localhost
    DNS.2 = *.localhost
  • Generate the required Certificate Requests using

    sudo openssl req -new -key /var/www/webconsol/ssl/localhost.key.rsa -subj "/C=/ST=/L=/O=/CN=localhost/" -out /var/www/webconsol/ssl/localhost.csr -config /var/www/webconsol/ssl/localhost.conf

    Note: Complete the values C= ST= L= O= CN= to reflect your own organizational structure, where:
    C= eq. Country: The two-letter ISO abbreviation for your country.
    ST= eq. State or Province: The state or province where your organization is legally located.
    L= eq. City or Locality: The city where your organization is legally located.
    O= eq. Organization: he exact legal name of your organization.
    CN= eq. Common Name: The fully qualified domain name for your web server
  • Use the Certificate Requests to sign the SSL Certificates using

    sudo openssl x509 -req -extensions v3_req -days 365 -in /var/www/webconsol/ssl/localhost.csr -signkey /var/www/webconsol/ssl/localhost.key.rsa -out /var/www/webconsol/ssl/localhost.crt -extfile /var/www/webconsol/ssl/localhost.conf
  • Add the SSL Certificate to Keychain Access:

    sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /var/www/webconsol/ssl/localhost.crt

Recap: at the end, you should have the following file:

  • localhost.conf
  • localhost.crt
  • localhost.csr
  • localhost.key
  • localhost.key.rsa


localhost can be "" and make sure to have a virtual host configured for it, if it's NOT localhost.

Stop blending in with the rest of the crowd &
start leaving your mark on the web.
Your success is our success

Let's work together