Long gone are the days when https for websites was a curiosity; reserved only for the checkout page. Encryption is the norm now.
But as creators, we never bothered with https when developing something. In fact, it was a burden. We cannot get “real” https certificates on our local workstations. We have to create our own.
So let’s fake being a huge provider like Go Daddy! When it all works, maybe we get to shoot some elephants too!
These instructions are for a Debian/Ubuntu workstation.
What we want: to create https for any random domain we need. We can just be bothered with a one-time setup, but we need zero friction for individual websites. We have to become a Certificate Authority.
I’ve tried many variations, and this is the fastest way by far:
It’s a script that automates all the painful cryptic stuff. Download it.
Say we want to https-ify www.example.local. Behold, the magic:
easyrsa init-pki easyrsa build-ca nopass easyrsa --req-cn=example.local gen-req example.local nopass easyrsa --subject-alt-name='DNS:example.local,DNS:www.example.local' \ sign-req server example.local
We have to let our computer believe this is all bonafide https infrastructure.
# Place our CA certificate where the computer will find it sudo ln -s ~/pki/ca.crt /usr/local/share/ca-certificates/$HOST.crt # Refresh the list of Certificate Authorities. # This should show a message that one certificate was added: # Adding debian:$HOST.pem sudo update-ca-certificates --fresh
Chrome and Firefox need to have this certificate imported separately. This is a button in the preferences.
To switch from http to https, we need a certificate and a key, exactly like in the real world.
The certificate is in
The corresponding key is in
Where these go depends on the software you’re using.