This process creates a self-signed SSL certificate and marks it as trusted, so that your browser accepts it for a fake domain with the same name as the folder containing the certificate files. Typically you generate them in the root of your project directory. So if you have a project in a directory named “my-excellent-project”, your SSL certificate would be valid for https://my-excellent-project.dev:PORT/ and any subdomain. Do not commit the generated files to source control (git).

Install Homebrew

  • Open Terminal and run the following:
```bash
mkdir homebrew && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C homebrew
```

Install & Configure DNSMasq

```bash
# "tell" is not a standard command; it is assumed here to be a simple message printer.
tell() { echo "$@"; }

# Install dnsmasq and answer every *.dev lookup with 127.0.0.1 (skipped if already set up).
if (brew services list | grep -q dnsmasq); then
  tell "DNS Masq guides us to the right IP which is 127.0.0.1 - but it's already here"
else
  tell "DNS Masq guides us to the right IP which is 127.0.0.1 - so let's summon this last daemon"

  brew install -v dnsmasq
  echo 'address=/.dev/127.0.0.1' > "$(brew --prefix)/etc/dnsmasq.conf"
  echo 'listen-address=127.0.0.1' >> "$(brew --prefix)/etc/dnsmasq.conf"
  echo 'port=35353' >> "$(brew --prefix)/etc/dnsmasq.conf"
  brew services start dnsmasq
fi

# Tell the macOS resolver to send .dev queries to dnsmasq on 127.0.0.1:35353.
if [ -e /etc/resolver/dev ]; then
  tell "DNS Masq is already in our resolver list"
else
  tell "So let's call DNS Masq all the time - cause, yes - it's nice"
  sudo mkdir -pv /etc/resolver
  sudo bash -c 'echo "nameserver 127.0.0.1" > /etc/resolver/dev'
  sudo bash -c 'echo "port 35353" >> /etc/resolver/dev'
fi
```

Generate the SSL Certificate

From https://gist.github.com/jed/6147872:

  • Open Terminal and cd into the root folder of your project.
  • Create a temporary configuration file:
```bash
# ${PWD##*/} expands to the name of the current folder, so run this from the project root.
cat > openssl.cnf <<-EOF
  [req]
  distinguished_name = req_distinguished_name
  x509_extensions = v3_req
  prompt = no
  [req_distinguished_name]
  CN = *.${PWD##*/}.dev
  [v3_req]
  keyUsage = keyEncipherment, dataEncipherment
  extendedKeyUsage = serverAuth
  subjectAltName = @alt_names
  [alt_names]
  DNS.1 = *.${PWD##*/}.dev
  DNS.2 = ${PWD##*/}.dev
EOF
```
  • Create the certificate:
```bash
# Self-signed (-x509) certificate with an unencrypted (-nodes) 2048-bit RSA key, valid for 10 years.
openssl req \
  -new \
  -newkey rsa:2048 \
  -sha256 \
  -days 3650 \
  -nodes \
  -x509 \
  -keyout ssl.key \
  -out ssl.crt \
  -config openssl.cnf
```
  • If you get the error “unable to write to random state”, run the following and then create the certificate again:
```bash
sudo rm ~/.rnd
```
  • Remove the configuration file:
```bash
rm openssl.cnf
```
  • Open the SSL certificate in your keychain:
```bash
open /Applications/Utilities/Keychain\ Access.app ssl.crt
```
  • Select the newly imported certificate, which should appear at the bottom of the certificate list, right click, and select “Get Info”.
  • In the popup window, click the ▶ button to the left of Trust, and select Always Trust for When using this certificate:.
  • Close the popup window.
  • When prompted, enter your password again and click Update Settings.
  • Close Keychain Access.
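
Which hostnames the trusted certificate covers follows from the two subjectAltName entries written to the temporary openssl.cnf. The sketch below is an added example, not part of the original post or the gist it cites: it checks whether a hostname would be covered by a certificate generated in a given folder, assuming standard wildcard matching in which `*` stands for exactly one DNS label. `valid_label` and `san_covers` are hypothetical helper names and the sample paths are constructed.

```bash
#!/bin/sh
# Added example. Mirrors the SAN entries from openssl.cnf:
#   DNS.1 = *.<folder>.dev   and   DNS.2 = <folder>.dev

# valid_label NAME: succeed if NAME can be a single DNS label
# (letters, digits, hyphens; no leading or trailing hyphen; 1-63 characters).
valid_label() {
  case "$1" in
    ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# san_covers HOST DIR: 0 = covered, 1 = not covered,
# 2 = the folder name cannot form a hostname (e.g. it contains a space).
san_covers() {
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  label=$(printf '%s' "${2##*/}" | tr 'A-Z' 'a-z')  # same expansion as ${PWD##*/}
  valid_label "$label" || return 2
  base="$label.dev"
  [ "$host" = "$base" ] && return 0                 # DNS.2: the bare domain
  case "$host" in
    *."$base")
      sub=${host%."$base"}                          # the part the '*' must match
      valid_label "$sub" && return 0                # one label only: no dots allowed
      ;;
  esac
  return 1
}

# Constructed sample: a project checked out at /Users/me/my-excellent-project
for h in my-excellent-project.dev api.my-excellent-project.dev a.b.my-excellent-project.dev; do
  if san_covers "$h" /Users/me/my-excellent-project; then
    echo "covered:     $h"
  else
    echo "not covered: $h"
  fi
done
```

A result of 2 means the folder should be renamed before generating the certificate, because the name embedded in the SAN entries would not be a valid hostname.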