The winpty command requires Git Bash for Windows.
1. Create the Private Key for the Root Certificate
mkdir certs
cd certs
winpty openssl genrsa -out RootCA.key 2048
2. Create the Root Certificate (CA)
winpty openssl req -new -x509 \
-key RootCA.key -sha256 -days 18000 \
-out RootCA.pem \
-subj "//C=US\ST=NY\L=NY\O=None\CN=LocalhostRootCertificate"
3. Verify the Root Certificate
winpty openssl x509 -noout -text -in RootCA.pem
4. Create the Private Key for the SSL Certificate
winpty openssl genrsa -out mycert.key 2048
5. Create the Certificate Signing Request (CSR)
winpty openssl req -new -sha256 \
-key mycert.key \
-out mycert.csr \
-subj "//C=US\ST=NY\L=NY\O=None\CN=localhost"
6. Create the Certificate Signed by the CA
Save the following to a file named v3.txt...
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = localhost.com
...and run this
winpty openssl x509 -req \
-in mycert.csr \
-CA RootCA.pem \
-CAkey RootCA.key \
-CAcreateserial \
-days 18000 -sha256 \
-extfile v3.txt \
-out mycert.crt
7. Create the PFX file
winpty openssl pkcs12 -export \
-in mycert.crt \
-inkey mycert.key \
-out mycert.pfx
8. Import the RootCA.pem file (root certificate) into the "Trusted Root Certification Authorities" certificate store.
9. Import the mycert.pfx file into IIS and bind the certificate to the website.
10. Browse https://localhost
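Added example (not part of the original steps): a Git Bash script that checks the files from steps 1-6 before they are imported in steps 8-9. The function name check_leaf and its output lines are assumptions of this example; the file names are the ones used above.

```shell
# Added example: checks on the files from steps 1-6 before import (steps 8-9).
# openssl is called without winpty here because nothing prompts for input
# and the output is captured by the script.

# check_leaf CA_PEM LEAF_CRT LEAF_KEY [HOSTNAME]
# Prints one line per check; exit status is 0 only if all four pass.
# The body runs in a subshell so its variables and options do not leak.
check_leaf() (
    set +e  # failing checks are recorded in rc instead of aborting
    ca=$1; crt=$2; key=$3; host=${4:-localhost}
    rc=0
    result() {  # result EXIT_STATUS DESCRIPTION
        if [ "$1" -eq 0 ]; then echo "ok   $2"; else echo "FAIL $2"; rc=1; fi
    }

    # 1. The leaf must chain to the root that gets imported in step 8.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1
    result $? "chain: $crt verifies against $ca"

    text=$(openssl x509 -noout -text -in "$crt" 2>/dev/null)

    # 2. The host name must appear in subjectAltName (dots escaped for grep).
    host_re=$(printf '%s' "$host" | sed 's/\./\\./g')
    printf '%s\n' "$text" | grep -Eq "DNS:${host_re}(,|[[:space:]]*\$)"
    result $? "subjectAltName contains DNS:$host"

    # 3. The leaf must not be usable as a CA.
    printf '%s\n' "$text" | grep -q 'CA:FALSE'
    result $? "basicConstraints is CA:FALSE"

    # 4. The private key bundled into the PFX must belong to this certificate.
    crt_pub=$(openssl x509 -noout -pubkey -in "$crt" 2>/dev/null)
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
    result $? "public key in $crt matches $key"

    [ "$rc" -eq 0 ]
)

# Run against the page's file names when they are present.
if [ -f RootCA.pem ] && [ -f mycert.crt ] && [ -f mycert.key ]; then
    check_leaf RootCA.pem mycert.crt mycert.key localhost
fi
```

Run it from the certs directory; a FAIL line points at the step to repeat before importing anything into the Windows certificate store or IIS.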
Related:
http://www.vickram.me/convert-pfx-to-pem-format