Adding a self-signed SSL Certificate to localhost

In my localhost development environment, I sometimes need SSL configured for a site so I can test things as close as possible to how the production site will operate.

In my environment, Apache is configured in /usr/local/etc/httpd and the self-signed SSL certificates are stored in /usr/local/etc/httpd/ssl/<local_domain>/.

Here is the recipe to add a self-signed SSL certificate so Chrome and other browsers will allow access to the secure locally hosted site:

Add the following inside the <VirtualHost *:443> </VirtualHost> configuration for the local_domain in /usr/local/etc/httpd/extra/httpd-vhosts.conf

SSLEngine on
SSLCertificateFile /usr/local/etc/httpd/ssl/<local_domain>/domain.crt
SSLCertificateKeyFile /usr/local/etc/httpd/ssl/<local_domain>/domain.key

Create domain.conf with the following content:

distinguished_name = req_distinguished_name
req_extensions = v3_req


basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

DNS.1 = <local_domain>

Generate the key:

sudo openssl genrsa -out domain.key 2048

sudo openssl rsa -in domain.key -out domain.key.rsa

sudo openssl req -new -key domain.key.rsa -subj /CN=<local_domain> -out domain.csr -config domain.conf

sudo openssl x509 -req -extensions v3_req -days 3650 -in domain.csr -signkey domain.key.rsa -out domain.crt -extfile domain.conf

Add the key to the keychain in OSX:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain domain.crt

Restart Apache

sudo apachectl -k restart