Self-signed cert — Mac/Rails/Chrome edition

paulsc
Jul 23, 2017 · 2 min read

Every now and then you need to test something locally using SSL, and want to avoid these pesky security warnings.

This is a tricky one to get right, especially since Chrome recently added their requirement for Subject Alternative Names (a.k.a. SAN).

Here are my steps for getting this going with macOS, Chrome, and Rails / thin. For future reference…

1. Generate key & cert

Andrew’s post is what got me going here. Generating a proper cert & key combo that has a valid “SAN” requires creating a config file to pass to the openssl command. This did the trick for me:

Note the DNS.x lines at the end: this is where you configure your fake local host. After saving this file as “ssl.cnf” you can create your key/cert combo as follows:

openssl req -config ssl.cnf -new -x509 -sha256 -newkey rsa:2048 -nodes -days 1000 -keyout server.key -out server.crt

You might want to check that your SAN domain names got included, or else Chrome will moan. Use this command:

openssl x509 -noout -text -in server.crt | grep -i DNS

Which should give you something like this:
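A scripted version of step 1, added here as an example and not the author's own config or code: it writes a minimal SAN config, runs the same openssl req command, and checks a hostname against the certificate's SAN list. The section names, function names, file names and the 825-day lifetime are assumptions of this example.

```shell
#!/bin/sh
# Added example: SAN-bearing self-signed cert for local HTTPS testing.
# The config contents below are an assumption, not the post's original ssl.cnf.

# write_san_config FILE HOST [HOST...]
# The first HOST becomes the CN; every HOST becomes a DNS.x SAN entry.
write_san_config() {
    cfg=$1; shift
    {
        printf '%s\n' '[req]' 'distinguished_name = dn' \
            'x509_extensions = v3_req' 'prompt = no' ''
        printf '%s\n' '[dn]' "CN = $1" ''
        printf '%s\n' '[v3_req]' 'keyUsage = digitalSignature, keyEncipherment' \
            'extendedKeyUsage = serverAuth' 'subjectAltName = @alt_names' ''
        printf '%s\n' '[alt_names]'
        i=1
        for host in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$host"
            i=$((i + 1))
        done
    } > "$cfg"
}

# make_cert CFG KEY CRT
# Same openssl req invocation as the post, but with 825 days, the maximum
# lifetime Apple accepts for TLS server certs since macOS 10.15.
make_cert() {
    openssl req -config "$1" -new -x509 -sha256 -newkey rsa:2048 -nodes \
        -days 825 -keyout "$2" -out "$3" 2>/dev/null &&
        chmod 600 "$2"   # -nodes leaves the key unencrypted: owner-only access
}

# cert_has_san CRT HOST
# Succeeds only if HOST is an exact DNS entry in the cert's SAN extension.
cert_has_san() {
    openssl x509 -noout -text -in "$1" |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr -d ' ' | tr ',' '\n' | grep -Fqx "DNS:$2"
}

# Runs only when hostnames are given: sh make-san-cert.sh localhost.ssl
if [ "$#" -gt 0 ]; then
    write_san_config ssl.cnf "$@"
    make_cert ssl.cnf server.key server.crt
    cert_has_san server.crt "$1" && echo "SAN ok: $1"
fi
```

The check matches whole SAN entries, so a certificate issued for localhost.ssl does not pass for a bare localhost.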

2. Create fake host

Make sure to set up your fake host with the operating system, in our case “localhost.ssl”:

echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts

3. Add certificate to keychain

Make macOS aware of this certificate by dragging the “crt” file onto the “System” section of Keychain Access.

… and don’t forget to mark it as “Always trust”.

That should do it! Now start your app.

4. Start the server

thin start --ssl --ssl-key-file ~/ssl/server.key --ssl-cert-file ~/ssl/server.crt

You should be good to go! If you have any issues, the “Security” tab of the developer console is helpful to debug any potential errors.
