Using a self-signed SSL cert on MacOS

Creating a cert

1) Construct a requirement config and save the file as "req.conf".

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = MY
ST = Kuala Lumpur
L = Kuala Lumpur
O = Company Name
CN = localhost
[v3_req]
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost.abc
DNS.2 = localhost

2) It is important to include "digitalSignature" in the keyUsage field, otherwise modern browsers would block the cert.

3) Run the following OpenSSL command to generate the certificate. Replace the "days" value as needed.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out certificate.pem -config req.conf -extensions 'v3_req'

4) Run the following OpenSSL command to get the P12 format.

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

If this certificate is also used on older system (E.g. Windows 7), please include the -legacy option.

openssl pkcs12 -legacy -inkey key.pem -in certificate.pem -export -out certificate.p12

5) Or if you need a JKS format.

keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore certificate.jks -deststoretype jks

Install Cert on MacOS

1) Go to the "Keychain Access" App on your device.

2) Select "Files", then "Import Items".

3) Select the cert file that you created earlier.

4) Double clicks on the imported cert and expand the trust section

5) Set it to "Always Trust".

6) Now you can try to access the HTTPS URL from your browser, and it should be trusted.

 


AI Summary
gpt-4o-2024-05-13 2024-09-05 18:15:36
This blog post provides a step-by-step guide to creating and installing a self-signed SSL certificate on macOS. It includes instructions to generate the certificate using OpenSSL, convert it to different formats, and import it into the Keychain Access app, setting it to "Always Trust" for browser recognition.
Chrome On-device AI 2024-12-06 18:25:50

Share Article