Generate a self-signed SSL certificate for local development on a Mac

Generate a host key

First, make a home for the new SSL files—I use /etc/apache2/ssl.  Open up a terminal window, cd to the new directory and issue the following command to create a host key file.

sudo ssh-keygen -f host.key

Generate a certificate request file

This command will create a certificate request file. A certificate request file contains information about your organization that will be used in the SSL certificate. The command will ask you a bunch of questions; because this is for local development, nonsense will suffice.

sudo openssl req -new -key host.key -out reqeust.csr

Create the SSL certificate

Create a self-signed SSL certificate using the request file.

sudo openssl x509 -req -days 365 -in request.csr -signkey host.key -out server.crt

Apache

Add the following to your Apache configuration to use the new certificate:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Restart Apache with sudo apachectl restart and try our your new certificate.

1 comment

  1. Christian, many thanks for this. It is exactly what I need to do. I’m surprised that there aren’t a thousand thank yous here already. Simple solutions to seemingly difficult tasks. May your questions in life be just as quickly and easily answered.

Comment on this post

You may use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>