Create local certificate authority for local HTTPS development
When you are developing local web sites and have enabled HTTPS traffic you may have encountered the "Not Secure" and "Your connection is not private" messages. You may have just clicked through and ignored the warnings. Even if you ignore the message and continue, you will still always see the warning indicating that the traffic is not secure.
To resolve these warnings you can set up a local certificate authority (CA) and trust that certificate authority locally; any certificates you generate from that CA will then also be trusted.
Set up CA
Create certificates for your local CA
mkdir -p ~/local/certs/
# Generate CA private key (unencrypted: anyone who can read this file can issue certificates your machine trusts)
openssl genrsa -out ~/local/certs/local-ca.key 2048
# Generate CA root certificate (no -days is given, so it expires after the default 30 days)
openssl req -new -x509 -subj "/CN=Local CA" \
-key ~/local/certs/local-ca.key \
-out ~/local/certs/local-ca.crt
Trust local CA
On macOS you can trust the local CA root certificate with the security command.
sudo security add-trusted-cert -d -r trustRoot \
-k "/Library/Keychains/System.keychain" \
~/local/certs/local-ca.crt
On Windows you can do this with the Microsoft Management Console, and on Linux you can copy the certificate into /usr/local/share/ca-certificates.
Create CA-signed certificate
Create CA-signed certificate for local service
# -noenc and req's -CA/-CAkey options need OpenSSL 3.0 or later
openssl req -subj '/CN=my.local' \
-new -newkey rsa:2048 -sha256 -noenc -x509 \
-addext "subjectAltName = DNS:my.local" \
-CA ~/local/certs/local-ca.crt \
-CAkey ~/local/certs/local-ca.key \
-keyout ~/local/certs/my-local.key \
-out ~/local/certs/my-local.crt
TLS service configuration
Bind the local IP address to the my.local domain, or whatever you called it, by adding a line to your /etc/hosts file.
127.0.0.1 my.local
You can now configure your local development service with the my-local.crt certificate and the warnings in the browser should disappear.
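If the warning persists, the usual causes are a certificate that does not chain to the trusted CA, a subjectAltName that does not cover the host name, a key file that belongs to a different certificate, or an expired certificate. The script below is an added example, not part of the original post, that checks all four. The function names check_local_cert and make_demo_pki and the 7-day expiry threshold are assumptions, and make_demo_pki only builds constructed sample input.

```shell
#!/bin/sh
# Added example: sanity-check a certificate issued by the local CA.
# Returns 0 only if every check passes; otherwise names the failing check.
check_local_cert() {  # usage: check_local_cert CA_CRT LEAF_CRT LEAF_KEY HOSTNAME
    ca=$1 crt=$2 key=$3 host=$4

    # 1. The leaf chains to the local CA and its subjectAltName covers HOSTNAME
    #    (when a SAN is present, the CN is not used for matching).
    if ! openssl verify -CAfile "$ca" -verify_hostname "$host" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca for $host" >&2
        return 1
    fi

    # 2. The private key the service will load belongs to this certificate.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt" >&2
        return 1
    fi

    # 3. The certificate stays valid for at least 7 more days (assumed threshold;
    #    without -days, openssl issues certificates valid for only 30 days).
    if ! openssl x509 -in "$crt" -noout -checkend 604800 >/dev/null; then
        echo "FAIL: $crt expires within 7 days" >&2
        return 1
    fi
    echo "OK: $crt is valid for $host"
}

# Constructed sample input: a throwaway CA and leaf certificate in DIR, built
# with the CSR route so it also runs on OpenSSL releases older than 3.0.
make_demo_pki() {  # usage: make_demo_pki DIR HOSTNAME
    d=$1 h=$2
    openssl req -new -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$h" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    printf 'subjectAltName = DNS:%s\n' "$h" > "$d/san.ext" &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/san.ext" -out "$d/leaf.crt" 2>/dev/null
}
```

Against the files created above, the call is check_local_cert ~/local/certs/local-ca.crt ~/local/certs/my-local.crt ~/local/certs/my-local.key my.local.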