mkcert

[last updated: 2024-01-07]
Drupal home page
local server setup
this page content from: https://www.howtoforge.com/how-to-create-locally-trusted-ssl-certificate...
other resources:
https://www.techrepublic.com/article/how-to-create-locally-signed-ssl-ce...
https://github.com/FiloSottile/mkcert
-----

• Prerequisites:
  A system running Ubuntu 20.04 Desktop.
  A root password is configured on the server.

• Prepare:
  • $ sudo apt-get update -y
  • Get needed packages/tools:
    $ sudo apt-get install wget libnss3-tools
• First steps:
  • Download the latest version of Mkcert from Github:
    $ wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1...
  • Move the downloaded binary to the system path:
    $ mv mkcert-v1.4.3-linux-amd64 /usr/bin/mkcert
  • Set permissions on mkcert:
    $ sudo chmod +x /usr/bin/mkcert
  • verify the Mkcert version:
    $ mkcert --version

• Create local CA certificate:
  • $ mkcert -install
  • You should see the following output:
    Created a new local CA ????
    The local CA is now installed in the system trust store! ??
    The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! ????
  • Check the path of the CA certificate:
    $ mkcert -CAROOT

    You should see this output:

    /root/.local/share/mkcert

    
    SUCCESSFULL to HERE
          ("root" = /home/jay )

• Generate a Certificate for your Local Website:
  • $ mkcert app.example.com localhost 127.0.0.1 ::1

    You should see the following output:

    Created a new certificate valid for the following names
    - "app.example.com"
    - "localhost"
    - "127.0.0.1"
    - "::1"
  • The certificate is at "./app.example.com+3.pem" and the key is at "./app.example.com+3-key.pem"
    It will expire on 7 April 2026
  Done to Here

  --------------------------------------------------------------------------------------

• Configure your server to use the generated certificate:
  • However:
    I'm not sure which server I'm using, Nginx or Apache...
    How can I tell?
  • then restart the [server] Apache service to apply the changes:
    $ systemctl restart [???]

  • edit the /etc/hosts file and bind your app.example.com to your system IP address:
    $ nano /etc/hosts

    Add the following line:

    your-server-ip app.example.com
  • Verify SSL for Your Domain:
    Open a browser and type the URL https://app.example.com.
    You should see that your domain is secured with Mkcert.

  • Now "lock" it?