Option 1: Creating a self-signed certificate with the openssl binary
As igalic Show archive.org snapshot commented on this gist Show archive.org snapshot .
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt
Explanation
req -new
Create a new request ...
-newkey
: ... using a new key ...
rsa:2048
... of type RSA, 2048 bits long.
-sha1
: Make sure to use SHA1 as this certificate's hashing algorithm,
-nodes
: don't encrypt the key and
-x509
: make it an X.509 certificate, not a Certificate Signing Request.
Option 2: Creating a self-signed certificate with the mkcert binary
The linked tool mkcert Show archive.org snapshot helps you to setup locally-trusted development certificates. We also have cards that describe how to use SSL in development with Passenger, Puma and Thin.
Installation of mkcert
mkcert
will create a certificate for development without any configuration and add it to the system trust store.
Download a current pre-built binary
here
Show archive.org snapshot
, e.g. mkcert-v1.4.4-linux-amd64
. Move it to a directory in your PATH
and make it executable.
$ chmod +x ~/Downloads/mkcert-v1.4.4-linux-amd64
$ mv ~/Downloads/mkcert-v1.4.4-linux-amd64 ~/bin
$ mkcert-v1.4.4-linux-amd64 localhost
Created a new local CA 💥
...
Accepting the self-signed certificate
See Web development: Accepting a self-signed certificate in Google Chrome.