{"id":19656182,"url":"https://github.com/daggerok/valid-local-certificate","last_synced_at":"2026-05-10T13:00:16.923Z","repository":{"id":151042163,"uuid":"224063482","full_name":"daggerok/valid-local-certificate","owner":"daggerok","description":"How to generate valid HTTPS certificate for local development environment","archived":false,"fork":false,"pushed_at":"2022-12-11T14:51:11.000Z","size":1168,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-10T00:41:27.788Z","etag":null,"topics":["express-https","https","https-server","nodejs","nodejs-https","ssl","ssl-certificates"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/daggerok.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-11-25T23:51:35.000Z","updated_at":"2019-12-03T19:01:38.000Z","dependencies_parsed_at":null,"dependency_job_id":"ec1eb39a-96a2-43e6-84f2-a5074597044f","html_url":"https://github.com/daggerok/valid-local-certificate","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daggerok%2Fvalid-local-certificate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daggerok%2Fvalid-local-certificate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daggerok%2Fvalid-local-certificate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daggerok%2Fvalid-local-certificate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/daggerok","download_url":"https://codeload.github.com/daggerok/valid-local-certificate/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240964576,"owners_count":19885766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["express-https","https","https-server","nodejs","nodejs-https","ssl","ssl-certificates"],"created_at":"2024-11-11T15:26:54.361Z","updated_at":"2026-05-10T13:00:11.876Z","avatar_url":"https://github.com/daggerok.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# valid-local-certificate\nHow to generate valid HTTPS certificate for local development environment\n\n## Table of Content\n1. [Before you begin](#before-begin)\n1. [Root SSL certificate](#root-ssl-certificate)\n1. [Trust certificate](#trust-certificate)\n   * [Trust certificate on Mac OS](#mac-os)\n1. [Domain SSL certificate](#domain-ssl-certificate)\n1. [Usage: NodeJS](#usage)\n\n## Before begin\n\nAll ssl certificates operations are going to be done in [`/path/to/certs` folder](certs).\n\n## Root SSL certificate\n\nGenerate private RSA with password: `password`\n\n```bash\nopenssl genrsa -des3 -out rootCA.key 2048\n# Generating RSA private key, 2048 bit long modulus\n# .........+++\n# ...........................................................+++\n# e is 65537 (0x10001)\n# Enter pass phrase for rootCA.key:\n# Enter pass phrase for rootCA.key:\n# Verifying - Enter pass phrase for rootCA.key:\n```\n\nNOTE: result is in [`rootCA.key`](certs/rootCA.key) file.\n\nUse key you generated to create a new Root\nSSL certificate:\n\n```bash\nopenssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem\n```\n\nNOTE: result is in [`rootCA.pem`](certs/rootCA.pem) file.\n\n## Trust certificate\n\n### Mac OS\n\n* Open Keychain Access on your Mac\n* `File` -\u003e `Import items...` -\u003e point your generated [`rootCA.pem`](certs/rootCA.pem) certificate\n  ![Trust certificate on Mac OS using Keychain Access](images/002323-trust.png)\n* Double click on certificate and under `Trust` menu chose `Always Trust`\n  ![Always Trust](images/002554-always-trust.png)\n\n## Domain SSL certificate\n\nPreviously created root SSL certificate now can be\nused to issue a certificate specifically for your local\ndevelopment environment located at localhost.\n\nCreate a new OpenSSL configuration file named\n[`server.csr.cnf`](certs/server.csr.cnf) so you can import these settings when\ncreating a certificate instead of entering them on the\ncommand line:\n\n```ini\n[req]\ndefault_bits = 2048\nprompt = no\ndefault_md = sha256\ndistinguished_name = dn\n\n[dn]\nC=US\nST=RandomState\nL=RandomCity\nO=RandomOrganization\nOU=RandomOrganizationUnit\nemailAddress=hello@example.com\nCN = localhost\n```\n\nCreate a [`v3.ext`](certs/v3.ext) file in order to create a X509 v3 certificate.\n\nNOTE: we’re specified `subjectAltName`\n\n```ini\nauthorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = localhost\n```\n\nNOTE: result is in [`v3.ext`](certs/v3.ext) file.\n\nCreate a certificate key for `localhost` by using\nthe configuration settings stored in [`server.csr.cnf`](certs/server.csr.cnf)\nfile:\n\n```bash\nopenssl req -new -sha256 -nodes \\\n    -out server.csr -newkey rsa:2048 \\\n    -keyout server.key -config \u003c(cat server.csr.cnf)\n```\n\nNOTE: results are in [`server.key`](certs/server.key) and [`server.crt`](certs/server.crt) files.\n\nCertificate signing request is issued via the root SSL certificate\nwe created earlier to create a `domain certificate` for localhost.\nUse password: `password`\n\n```bash\nopenssl x509 -req -in server.csr -CA rootCA.pem \\\n    -CAkey rootCA.key -CAcreateserial \\\n    -out server.crt -days 500 -sha256 -extfile v3.ext\n```\n\nNOTE: results are in [`server.crt`](certs/server.crt) and [`rootCA.srl`](certs/rootCA.srl) files.\n\n## Usage\n\nLet's secure our `localhost` host!\n\nLet's implement simple node.js express backend server to simulate.\n\n```bash\nmkdir -p /tmp/app/certs /tmp/app/public\ncd /tmp/app\nnpm init -y\nnpm i -DE express fs-extra @types/node\necho '\u003chtml\u003e\u003cbody\u003e\u003ch3\u003eAloha!\u003c/h3\u003e\u003c/body\u003e\u003c/html\u003e' \u003e ./public/index.html\nvi app.js\n```\n\n```js\nconst fs = require('fs-extra');\nconst path = require('path');\nconst https = require('https');\nconst express = require('express');\n\nconst app = express();\napp.use(express.static('public'));\n\nconst port = process.env.PORT || '443';\nconst certOptions = {\n    key: fs.readFileSync(path.resolve('./server.key')),\n    cert: fs.readFileSync(path.resolve('./server.crt'))\n};\n\nhttps.createServer(certOptions, app).listen(port);\n```\n\nCopy [`server.key`](certs/server.key) and [`server.crt`](certs/server.crt) files to your server folder.\n\n```bash\ncp /path/to/certs/server.key /tmp/app/certs/\ncp /path/to/certs/server.crt /tmp/app/certs/\n```\n\nStart server:\n\n```bash\nnode app.js\n```\n\nOpen and test https://localhost/\n\n```bash\ncurl https://localhost/\n```\n\nNOTE: DO not use https://127.0.0.1/, instead you should use https://localhost/ in your browser.\n\nNOTE: Do not use it in production! BTW, it will valid only locally on your Mac.\n\n## resources\n\n* [According article on freecodecamp.org](https://www.freecodecamp.org/news/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaggerok%2Fvalid-local-certificate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdaggerok%2Fvalid-local-certificate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaggerok%2Fvalid-local-certificate/lists"}