One certificate to sign them all
Creates a trusted certificate authority on your Mac for dev mode
This script creates a trusted CA on your Mac and signs new trusted certificates with it. These are modern certificates that will pass modern browsers' heightened requirements. This is similar in function to mkcert but more easily configured using OpenSSL .cnf files.
Run bash gen-certs.sh
and you'll be walked through the rest. Mac will ask for your password to add the CA to your keychain.
To use the website, run sudo nano /etc/hosts
and add the following lines:
127.0.0.1 server-1.com
127.0.0.1 api.server-1.com
You can sign as many server certificates as you want with this new CA on your device. Just duplicate the server-1.cnf
and duplicate the last two lines of gen-certs.sh
.
If you're developing with Node, make sure to export NODE_EXTRA_CA_CERTS=$(pwd)/certs/ca-crt.pem
to trust your CA.