Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set up HTTPS for local testing purposes?

Tags:

https

ssl

apache

I need to see how a web application will work with HTTPS. But I can't really find much information around about it. I tried to set up my local Apache but I can't find a CA autorithy to sign my certificate... Hints? Suggestions?

like image 208
gotch4 Avatar asked Jul 02 '10 09:07

gotch4


2 Answers

The possibilities to consider are:

  1. Generate your own certificate (self-signed certificate)
  2. Get a certificate issued by a known issuer
  3. Get a certificate issued by an issuer not recognised by the browser

Nr. 1 is probably the most widely used solution. You can find instructions here. The only disadvantage is that browsers will complaint about the unknown CA. In Firefox, you can just add a permanent exception and get rid of the warning. (Neither Chrome nor Internet Explorer seem to provide such option.)

Nr. 2 normally costs money so it isn't a popular choice for dev environments.

Nr. 3 can be obtained for free (see https://www.cacert.org/) but they also trigger a browser warning. A difference with nr. 1 is that you have the possibility of adding the CA to your browser's trusted authorities; however, that's a serious decision that requires serious consideration because of its security implications. In general, I would not recommend it for mere testing.

like image 180
Álvaro González Avatar answered Sep 30 '22 01:09

Álvaro González


Self-signed certificates (as already mentioned) are probably the easiest option for a single host.

If there are a few hosts, you could create a mini CA of your own. There are tools for this, for example:

  • CA.pl: a script provided with OpenSSL.
  • TinyCA: a tool with a GUI.
like image 36
Bruno Avatar answered Sep 29 '22 23:09

Bruno