Create Self-Signed Certificates with mkcert
·2 mins
mkcert is amazing tool to create self signed certificates. No configuration is needed. You can get it here.
Create a local CA with mkcert -install(mine is already created):
root@ubuntu-local:~# mkcert -install
The local CA is already installed in the system trust store! 👍
The syntax to generate a new certificate is:
mkcert -key-file [path/to/key.pem] -cert-file [path/to/cert.pem] domain.com
Creating a new certificate for my wordpress instance:
root@ubuntu-local:~# mkcert -key-file /etc/ssl/private/wordpressubuntu_key.pem -cert-file /etc/ssl/certs/wordpressubuntu_cert.pem wordpressubuntu.com
Created a new certificate valid for the following names 📜
- "wordpressubuntu.com"
The certificate is at "/etc/ssl/certs/wordpressubuntu_cert.pem" and the key at "/etc/ssl/private/wordpressubuntu_key.pem" ✅
It will expire on 15 October 2023 🗓
Update your configuration file(I’m using Apache):
root@ubuntu-local:~# cat /etc/apache2/sites-available/wordpress_local.conf
<VirtualHost *:443>
ServerAdmin admin@localhost
ServerName wordpressubuntu.com
ServerAlias www.wordpressubuntu.com
DocumentRoot /var/www/vhosts/wordpress
ErrorLog ${APACHE_LOG_DIR}/wordpressubuntu.log
CustomLog ${APACHE_LOG_DIR}/wordpressubuntu.access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/wordpressubuntu_cert.pem
SSLCertificateKeyFile /etc/ssl/private/wordpressubuntu_key.pem
</VirtualHost>
Restart your webserver, add an entry in /etc/hosts, and browse to https://yourdomain.com:
root@ubuntu-local:~# curl -s -o /dev/null -w "%{http_code}" https://wordpressubuntu.com ; echo
200
If you run the previous command with https on a website that’s listening on port 80, you’ll get a status code of 000:
### 443
root@ubuntu-local:~# curl -s -o /dev/null -w "%{http_code}" https://test.com ; echo
000
### 80
root@ubuntu-local:~# curl -s -o /dev/null -w "%{http_code}" http://test.com ; echo
200
“I have not failed. I've just found 10,000 ways that won't work.” ― Thomas A. Edison