In my localhost development environment, I sometimes need SSL configured for a site so I can test things as close as possible to how the production site will operate.
In my environment, Apache is configured in /usr/local/etc/httpd and the self-signed SSL certificates are stored in /usr/local/etc/httpd/ssl/<local_domain>/.
Here is the recipe to add a self-signed SSL certificate so Chrome and other browsers will allow access to the secure locally hosted site:
Add the following inside the <VirtualHost *:443> </VirtualHost> configuration for the local_domain in /usr/local/etc/httpd/extra/httpd-vhosts.conf
SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/etc/httpd/ssl/<local_domain>/domain.crt SSLCertificateKeyFile /usr/local/etc/httpd/ssl/<local_domain>/domain.key
Create domain.conf with the following content:
[req] distinguished_name = req_distinguished_name req_extensions = v3_req [req_distinguished_name] [v3_req] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = <local_domain>
Generate the key:
sudo openssl genrsa -out domain.key 2048
sudo openssl rsa -in domain.key -out domain.key.rsa
sudo openssl req -new -key domain.key.rsa -subj /CN=<local_domain> -out domain.csr -config domain.conf
sudo openssl x509 -req -extensions v3_req -days 3650 -in domain.csr -signkey domain.key.rsa -out domain.crt -extfile domain.conf
Add the key to the keychain in OSX:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain domain.crt
sudo apachectl -k restart