Create Locally Trusted Host SSL Development Certificates

Use mkcert to create locally trusted development certificates for a host. They avoid the browser's self-signed certificate warning and require little or no configuration.

Install mkcert:

sudo apt update
sudo apt install libnss3-tools
curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
chmod +x mkcert-v*-linux-amd64
sudo mv mkcert-v*-linux-amd64 /usr/local/bin/mkcert

Install the local CA:

mkcert -install

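Generates a CA certificate/key pair (rootCA.pem, rootCA-key.pem) in $CAROOT (defaults to ~/.local/share/mkcert) and installs the CA certificate in the system trust store. Keep rootCA-key.pem private: anyone who holds it can issue certificates that this machine trusts.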
Installs local CA in the Firefox and/or Chrome/Chromium trust store (requires browser restart)

Generate certificate and key file for locally hosted website:

mkcert example.org localhost 127.0.0.1 ::1

Creates two files: example.org+3.pem (certificate) and example.org+3-key.pem (private key). A +n suffix is added to ensure file names are unique.

Configure Apache:
Add the certificate and private key paths to the Apache host SSL configuration (usually in /etc/apache2/sites-available/default-ssl.conf or similar):

SSLEngine on
SSLCertificateFile /path/to/example.org+3.pem
SSLCertificateKeyFile /path/to/example.org+3-key.pem

Enable Apache SSL module:

sudo a2enmod ssl
sudo systemctl restart apache2

Enable the local host configuration:

sudo a2ensite default-ssl
sudo systemctl restart apache2

Disable the configuration:

sudo a2dissite default-ssl
sudo systemctl restart apache2
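
Pre-flight check for the Apache step above. This is an added example, not part of the original post or of mkcert: it reads the SSLCertificateFile and SSLCertificateKeyFile paths from a vhost file and flags missing files, swapped paths, the CA key used as a site key, and a key readable by group/other. The function names are hypothetical and paths are assumed to contain no spaces.

```sh
#!/bin/sh
# Added example (not from the original page): check the certificate and key
# paths in an Apache vhost file before restarting apache2.
# Assumes paths without spaces; function names are hypothetical.

# Print the argument of directive $1 in config file $2 (commented lines skipped).
directive_path() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Print one line per problem; the return status is the number of problems.
check_vhost_tls() {
    conf=$1
    problems=0
    flag() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    cert=$(directive_path SSLCertificateFile "$conf")
    key=$(directive_path SSLCertificateKeyFile "$conf")
    [ -n "$cert" ] && [ -r "$cert" ] || flag "SSLCertificateFile missing or unreadable: $cert"
    [ -n "$key" ] && [ -r "$key" ] || flag "SSLCertificateKeyFile missing or unreadable: $key"
    [ "$problems" -eq 0 ] || return "$problems"

    # Catch swapped paths and keys stored in the certificate file.
    grep -q 'BEGIN CERTIFICATE' "$cert" || flag "$cert contains no certificate"
    if grep -q 'PRIVATE KEY' "$cert"; then flag "$cert contains a private key"; fi
    grep -q 'PRIVATE KEY' "$key" || flag "$key contains no private key"

    # Only the site key belongs in the vhost, never the local CA key.
    case ${key##*/} in
        rootCA-key.pem) flag "$key is the mkcert CA key, not a site key" ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] || flag "$key is accessible to group/other ($mode)"

    return "$problems"
}

# Run against a config file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_vhost_tls "$1"; fi
```

Save it as a script and pass the vhost file as the only argument; a non-zero exit status means at least one problem was printed.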
