EDIT 16 Dec 2023: This post is valid as of now. It works for the latest version of Ubuntu 24.x. The only difference is that instead of mkcert <your_local_domain> use mkcert <your_local_domain> localhost 127.0.0.1
EDIT 12 Dec 2022: This post only works till Ubuntu 18.x . Later versions require a different process to setup mkcert.
One of the biggest problems that web developers face is to run a website on their local machines under https. Using OpenSSL to generate a certificate for localhost does not work because most browsers do not accept self-signed certificates.
mkcert is a life-saver in this case. What it does is that it creates its own authority which certifies the SSL certificate. Of course this only works if you are using the domain in your local system and not on a public server.
We will see how to setup mkcert on Ubuntu, such that sites hosted on Apache webserver can then be run on https locally.
First we install the Network Security Service tools package using sudo apt install libnss3-tools . This command is very important because it installs certutil which is a tool to install locally generated certificates into Firefox and Chrome. Without it, the certificates would not work in those browsers.
mkcert uses the brew installer for installation, so we need to install brew using sudo apt install linuxbrew-wrapper
We install mkcert by typing brew install mkcert
After installation the location of mkcert will be in /home/linuxbrew/.linuxbrew/bin/mkcert
We will now create the local Certificate Authority (CA) installed in the trust store:
cd /home/linuxbrew/.linuxbrew/bin
./mkcert install
Now we create the SSL for a domain that you are using locally on the system eg.mysite.test
./mkcert mysite.test
Two files will be created in the current folder:
1.mysite.test.pem which is the certificate file
2.mysite.test-key.pem which is the key file
Now these two files can be used in Apache to run the domain under SSL
We first enable the ssl-mod for Apache:
sudo a2enmod ssl
sudo systemctl restart apache2
We have to configure the target domain to work with the new certificate files.
cd /etc/apache2
cd sites-available
cp default-ssl.conf mysite.test.conf
Open mysite.test.conf in an editor and make the following changes:
ServerName mysite.test
DocumentRoot <whatever the root folder is>
SSLCertificateFile /home/linuxbrew/.linuxbrew/bin/mysite.test.pem
SSLCertificateKeyFile /home/linuxbrew/.linuxbrew/bin/mysite.test-key.pem
Save the file
Enable the site :
sudo a2ensite mysite.test.conf
sudo systemctl reload apache2
Make sure that there is an entry for mysite.test in /etc/hosts
127.0.0.1 mysite.test
Now you should be able to open https://mysitetest.conf
Good work but I need you to explain that on the windows environment