Is there a way to create a valid certificate for Apache localhost?

Asked

Viewed 555 times

4

Look at my local development I have made use of https://localhost, created the certificate by apache openssl, works beauty.

As it is not a certificate that is in an external source the browser says that it is not safe and puts that confirmation page.

In firefox we can add the certificate and it does not ask anymore, but in Chrome that lately is adopting boring policies does not let you add a certificate to the list (searched and not found), so every time you close and open it shows this blessed page.

How to create a validated certificate to use on localhost on all my Virtual Hosts for development?

Reading on the internet I saw that there is letsencrypt.org which generates free certificates, but the programs used are on several systems, except for Windows, on the Centos server I was able to enable the certificates, but since my development machine is Windows I needed it to be for this operating system.

Note: I would not like to use virtual machines, consume a good machine resource.

1 answer

1

By localhost design is not a recognized domain outside of a PC and therefore is not allowed by public certificate issuing authorities (CA’s - such as letsencrypt.org) to generate publicly recognized certificates for this domain.

That said, nothing prevents the creation of a CA of your own. And with it sign a certificate issued by you, for the localhost domain. This certificate will be recognized only where your CA is recognized as reliable.... this is the principle of the SSL/TLS trust chain. "We only trust signed certificates because someone we trust".

For this you only need to create an CA. Basically a certificate signed by himself (Self-signed Certificate - View https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl) and then issue a certificate for the localhost domain and mark with the certificate referred to above (https://stackoverflow.com/questions/21297139/how-do-you-sign-a-certificate-signing-request-with-your-certification-authority).

In possession of these two certificates, the localhost certificate is used, after being signed in the configuration of the Apache server and the public component (not the key!!!!) of the signed certificate is imported, in the browsers for the certificates signed by the latter to be recognised and a chain of trust.

In Chrome it is also possible to add certificates (unless permissions do not allow it) https://support.securly.com/hc/en-us/articles/206081828-How-to-manually-install-the-Securly-SSL-certificate-in-Chrome

Browser other questions tagged

You are not signed in. Login or sign up in order to post.