Generate a self-signed SSL certificate for local development on a Mac

Generate a host key

First, make a home for the new SSL files—I use /etc/apache2/ssl. Open up a terminal window, cd to the new directory and issue the following command to create a host key file.

sudo ssh-keygen -f host.key

Generate a certificate request file

This command will create a certificate request file. A certificate request file contains information about your organization that will be used in the SSL certificate. The command will ask you a bunch of questions; because this is for local development, nonsense will suffice.

sudo openssl req -new -key host.key -out request.csr

Create the SSL certificate

Create a self-signed SSL certificate using the request file.

sudo openssl x509 -req -days 365 -in request.csr -signkey host.key -out server.crt

Apache

Add the following to your Apache configuration to use the new certificate:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/host.key

Restart Apache with sudo apachectl restart and try out your new certificate.
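
The three steps above as one script, followed by a check that the key file named in SSLCertificateKeyFile really is the key the certificate was issued for. This is an added example, not part of the original post. Assumptions: openssl genrsa stands in for ssh-keygen, the subject is CN=localhost, the files live in a throwaway mktemp directory, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: `openssl genrsa`
# replaces ssh-keygen, the subject is CN=localhost, and files live in a
# throwaway mktemp directory instead of /etc/apache2/ssl.

# make_dev_cert DIR: the post's three steps (key, request, certificate).
make_dev_cert() {
    dir=$1
    # umask 077 keeps the private key unreadable to other local users.
    ( umask 077 && openssl genrsa -out "$dir/host.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -key "$dir/host.key" -subj "/CN=localhost" \
        -out "$dir/request.csr" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$dir/request.csr" \
        -signkey "$dir/host.key" -out "$dir/server.crt" 2>/dev/null || return 1
}

# cert_matches_key CERT KEY
#   0: the key is the one the certificate was issued for
#   1: both files parse but hold different public keys
#   2: a file is missing, unreadable or not parseable
cert_matches_key() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# demo: constructed data only; prints one status line per key file tried.
demo() {
    tmp=$(mktemp -d) || return 1
    make_dev_cert "$tmp" || { rm -rf "$tmp"; return 1; }
    openssl genrsa -out "$tmp/other.key" 2048 2>/dev/null   # unrelated key
    for key in host.key other.key server.key; do
        rc=0
        cert_matches_key "$tmp/server.crt" "$tmp/$key" || rc=$?
        case $rc in
            0) echo "$key: match" ;;
            1) echo "$key: mismatch" ;;
            *) echo "$key: unreadable" ;;
        esac
    done
    rm -rf "$tmp"
}

demo
```

Run cert_matches_key against the two paths in the Apache configuration before restarting; any non-zero result means Apache would be given a key that does not belong to the certificate.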

5 comments

  1. Christian, many thanks for this. It is exactly what I need to do. I’m surprised that there aren’t a thousand thank yous here already. Simple solutions to seemingly difficult tasks. May your questions in life be just as quickly and easily answered.

  2. Thanks a lot for this post!
    Just wanted to point out the typo of ‘request’ in this line:
    sudo openssl req -new -key host.key -out reqeust.csr

  3. Ah! Indeed there is… It’s been fixed.

    Thanks, Gilbert!

  4. Nice job, thanks

    Still using this in late 2011! :D
