Running localhost On https Using mkcert

EDIT 16 Dec 2023: This post is valid as of now. It works for the latest version of Ubuntu 24.x. The only difference is that instead of mkcert <your_local_domain> use mkcert <your_local_domain> localhost 127.0.0.1

EDIT 12 Dec 2022: This post only works till Ubuntu 18.x . Later versions require a different process to setup mkcert.

One of the biggest problems that web developers face is to run a website on their local machines under https. Using OpenSSL to generate a certificate for localhost does not work because most browsers do not accept self-signed certificates.

mkcert is a life-saver in this case. What it does is that it creates its own authority which certifies the SSL certificate. Of course this only works if you are using the domain in your local system and not on a public server.

We will see how to setup mkcert on Ubuntu, such that sites hosted on Apache webserver can then be run on https locally.

First we install the Network Security Service tools package using sudo apt install libnss3-tools . This command is very important because it installs certutil which is a tool to install locally generated certificates into Firefox and Chrome. Without it, the certificates would not work in those browsers.

mkcert uses the brew installer for installation, so we need to install brew using sudo apt install linuxbrew-wrapper

We install mkcert by typing brew install mkcert

After installation the location of mkcert will be in /home/linuxbrew/.linuxbrew/bin/mkcert

We will now create the local Certificate Authority (CA) installed in the trust store:

cd /home/linuxbrew/.linuxbrew/bin

./mkcert install

Now we create the SSL for a domain that you are using locally on the system eg.mysite.test

./mkcert mysite.test

Two files will be created in the current folder:

1.mysite.test.pem which is the certificate file

2.mysite.test-key.pem which is the key file

Now these two files can be used in Apache to run the domain under SSL

We first enable the ssl-mod for Apache:

sudo a2enmod ssl

sudo systemctl restart apache2

We have to configure the target domain to work with the new certificate files.

cd /etc/apache2

cd sites-available

cp default-ssl.conf mysite.test.conf

Open mysite.test.conf in an editor and make the following changes:

ServerName mysite.test

DocumentRoot <whatever the root folder is>

SSLCertificateFile /home/linuxbrew/.linuxbrew/bin/mysite.test.pem

SSLCertificateKeyFile /home/linuxbrew/.linuxbrew/bin/mysite.test-key.pem

Save the file

Enable the site :

sudo a2ensite mysite.test.conf

sudo systemctl reload apache2

Make sure that there is an entry for mysite.test in /etc/hosts

127.0.0.1 mysite.test

Now you should be able to open https://mysitetest.conf

1 Comment

Leave a Reply

Your email address will not be published.


*