SSL for vagrant local development
On macOS, open terminal, go to your vagrant folder (vagrant needs to have access to these files):
- Generate private key:
openssl genrsa -des3 -out myCA.key 2048
- Generate root certificate
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
- Adding the Root Certificate to macOS Keychain
- Open the macOS Keychain app
- Draft your private key file (myCA.pem) to System > Certificates
- Double click on your certificate in the list
- Expand the Trust section
- Change the When using this certificate: select box to “Always Trust”
- Download
ssl.shfile to your root folder. - Copy the file to /usr/local/bin/:
mv ssl.sh /usr/local/bin/ssl - Make it executable
chmod u+x /usr/local/bin/ssl - Run
ssl yourlocaldomain.localto create certificates for your local domain.
- Go to
vagrant ssh - Edit defautl-ssl.conf
sudo nano /etc/apache2/sites-available/default-ssl.conf - Find
SSLCertificateFilereplace /etc/ssl/certs/ssl-cert-snakeoil.pem with your.pemfile path (i.e /var/www/myCA.pem). - Find
SSLCertificateKeyFilereplace /etc/ssl/private/ssl-cert-snakeoil.key with your.keyfile path (i.e /var/www/myCA.key).
- Edit your virtual host
sudo nano /etc/site-enables/yourlocaldomain.local.conf - Change default listen port
<VirtualHost *:80>to<VirtualHost *:443> - Add this code bellow
DocumentRoot...
SSLEngine on
SSLCertificateFile /var/www/yourlocaldomain.local.crt
SSLCertificateKeyFile /var/www/yourlocaldomain.local.key
- Redirect http to https, add this code at the top (before
<VirtualHost *:443>block)
<VirtualHost *:80>
ServerName yourlocaldomain.dev
DocumentRoot /var/www/yourlocaldomain.local/public
Redirect permanent / https://yourlocaldomain.local/
</VirtualHost>
- Restart Apache
sudo service apache2 restart
All done.
- https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/#creating-ca-signed-certificates
- https://gist.github.com/polevaultweb/c83ac276f51a523a80d8e7f9a61afad0
Thanks @polevaultweb for ssl script.