Skip to content

How to get the "green padlock" with a new self signed certificate

Jump to bottom Edit New page
Lloyd Brookes edited this page Jul 7, 2017 · 5 revisions

Tested on Chrome on macOS.

Steps

  1. Install openssl.

    $ brew install openssl

  2. Create an openssl config file, save it as openssl.cnf.

    [req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no

[ req_distinguished_name ]

C = GB
O = lws
CN = lws

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
IP.1 = 127.0.0.1
IP.2 = ::1
DNS.1 = localhost
DNS.2 = mbp.local

  3. Create a private key

    $ openssl genrsa -out private-key.pem 2048

  4. Create a Certificate Request

    $ openssl req -new -nodes -sha256 -key private-key.pem -out lws-csr.pem -config openssl.cnf

  5. Create a self-signed certificate

    $ openssl x509 -req -sha256 -in lws-csr.pem -signkey private-key.pem -out lws-cert.pem -extfile openssl.cnf -extensions v3_req

  6. Set macOS to always trust the certificate.

    1. Open Keychain Assistant
    2. Import the certificate
    3. Open it and select "Always trust"

  7. Launch lws

    $ lws --key private-key.pem --cert lws-cert.pem
Serving at https://mbp.local:7990, https://127.0.0.1:7990, https://192.168.0.100:7990

Notes

  • common name no longer supported in Chrome
  • All cert components must be SHA256 (Chrome)
  • Due to a long-running bug in openssl, must explicitly pass -extfile and extensions in order for the extensions to copy from the certificate request to the certificate. See here.
Add a custom footer
Add a custom sidebar
Clone this wiki locally