As a developer, you may have to work on multiple projects, clients and web applications. One of the prerequisites for web application development is to test the websites locally on the browser during the development phase. Very high chance that the application you are developing will be secured with SSL/TLS certificate in a production environment. Agree? How about if you have to test certain functionality leveraging third-party API which requires origin to be https://? You can say self-signed cert and there is nothing wrong with that. But have you tried accessing self-signed cert implemented site? You will still get cert warning on Chrome and other browsers.
Do you see the Not Secure badge? Not Good, right? The best way to having valid SSL cert on the development environment is by managing your own CA and its possible with mkcert. An easy to implement which let you have a valid cert on the following local development web address.
example.com *.example.com example.test localhost 127.0.0.1 ::1
You can implement mkcert on macOS, Windows, CentOS, Ubuntu and other UNIX-based OS. The following example is from Ubuntu. First thing first, let’s install the network security service tools which has certutil to manage the certificate database. You may also need to ensure the brew is installed on your server. If not install using the following command. and, finally, install the mkcert using brew. Note: to install using brew you shouldn’t be root. and it gets installed in /home/$USER/.linuxbrew/bin/mkcert Where $USER is the username you have used to install Now, its time to get the local CA installed in the system trust store. And, next, generate a certificate for the development environment. Let’s say you are going to have your website on example.com and you can use the following command to get the certificate and key file. Great! now, I have a valid certificate and its key file ready to use on my Nginx, Apache or other web servers. Let’s take an example of an Apache HTTP server. If not already, enable the SSL module and configuration. As suggested, restart the Apache. At this point, if you netstat you will notice the Apache has started with secure port 443. But, we are not done yet. Its started with the default (dummy) cert and we need to replace that. Modify default-ssl.conf using vi file and replace the following with the path where you have generated the key and cert file. Before restarting Apache, you also have to manipulate hosts file for example.com so it resolves to your localhost instead of Internet one. Once you are done, restart the Apache HTTP server and access example.com – you will see a trusted certificate is being served. Conclusion This can be handy to have a trusted certificate in local environment. The above is just an example of example.com but you can do for localhost and others. If you need an external signer to issue a certificate then check out how to get that in free.