Self-signed cert — Mac/Rails/Chrome edition
Every now and then you need to test something locally using SSL, and want to avoid these pesky security warnings.
This is a tricky one to get right, especially since Chrome recently added their requirement for Subject Alternative Names (a.k.a. SAN).
Here are my steps on getting this going with MacOS, Chrome, and rails / thin. For future reference…
1. Generate key & cert
Andrew’s post is what got me going here. The process to generate a proper cert & key combo that have a valid “SAN” requires creating a config file to pass to the openssl command. This did the trick for me:
Note the DNS.x lines at the end, this is where you configure your fake local host. After saving this file to “ssl.cnf” you can create your key/cert combo like follows:
openssl req -config ssl.cnf -new -x509 -sha256 -newkey rsa:2048 -nodes -days 1000 -keyout server.key -out server.crtYou might want to check that your SAN domain names got included, or else Chrome will moan. Use this command:
openssl x509 -noout -text -in server.crt | grep -i DNSWhich should give you something like this;

2. Create fake host
Make sure to setup your fake host with the operating system, in our case “localhost.ssl”:
echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts3. Add certificate to keychain
Make MacOS aware of this certificate by dragging the “crt” file onto the “System” section of Keychain Access:

… and don’t forget to mark it as “Always trust”:

That should do it! Now start your app.
4. Start the server
thin start --ssl --ssl-key-file ~/ssl/server.key --ssl-cert-file ~/ssl/server.crtYou should be good to go! If you have any issues, the “Security” tab of the developer console is helpful to debug any potential errors.

