This process creates SSL certificates and “trusts” them to go to a fake domain in your browser with the same name as the folder containing the certificates.  Typically you generate them in the root of your project directory.  So if you have a project in a directory, “my-excellent-project”, your SSL certificates would be valid for, any subdomain.  Do not commit them to source control (git).

Install Homebrew

  • Open Terminal and run the following:
mkdir homebrew && curl -L | tar xz --strip 1 -C homebrew

Install & Configure DNSMasq

if (brew services list|grep dnsmasq); then
  tell "DNS Masq guids us to the right IP which is - but it's already here"
  tell "DNS Masq guids us to the right IP which is - so lets summon this last deamon"

  brew install -v dnsmasq
  echo 'address=/.dev/' > $(brew --prefix)/etc/dnsmasq.conf
  echo 'listen-address=' >> $(brew --prefix)/etc/dnsmasq.conf
  echo 'port=35353' >> $(brew --prefix)/etc/dnsmasq.conf
  brew services start dnsmasq

if [ -e /etc/resolver/dev ]; then
  tell "DNS Masq is already in our resolver list"
  tell "So let's call DNS Masq all the time - cause, yes - it's nice"
  sudo mkdir -v /etc/resolver
  sudo bash -c 'echo "nameserver" > /etc/resolver/dev'
  sudo bash -c 'echo "port 35353" >> /etc/resolver/dev'

Generate the SSL Certificate

  • Open Terminal and cd into the root folder of your project.
  • Create a temporary configuration file:
cat > openssl.cnf <<-EOF
  distinguished_name = req_distinguished_name
  x509_extensions = v3_req
  prompt = no
  CN = *.${PWD##*/}.dev
  keyUsage = keyEncipherment, dataEncipherment
  extendedKeyUsage = serverAuth
  subjectAltName = @alt_names
  DNS.1 = *.${PWD##*/}.dev
  DNS.2 = ${PWD##*/}.dev
  • Create the certificate:
openssl req \
  -new \
  -newkey rsa:2048 \
  -sha256 \
  -days 3650 \
  -nodes \
  -x509 \
  -keyout ssl.key \
  -out ssl.crt \
  -config openssl.cnf
  • if you get the error “unable to write to random state”, do
sudo rm ~/.rnd
and create the certificate again.
  • Remove the configuration file:
rm openssl.cnf
  • Open the SSL certificate in your keychain:
open /Applications/Utilities/Keychain\ ssl.crt
  • Select the newly imported certificate, which should appear at the bottom of the certificate list, right click, and select “Get Info”.
  • In the popup window, click the ▶ button to the left of Trust, and select Always Trust for When using this certificate:.
  • Close the popup window.
  • When prompted, enter your password again and click Update Settings.
  • Close Keychain Access.