i’m need to bay ssl certificate for localhost any one can you help me
i have aweb site in my localy network & i’m need give ssl in mikrotek server
No public CA, including Let’s Encrypt, can issue a certificate for localhost - or any domoin name not publicly addressable for that matter.
You will either need to give it a publicly addressable name (it does not necessarily need to be exposed to the public internet though) or create your own internal CA.
thanks jared
im use self signed certificate.
but The page shows that the certificate is untrust
i need trueted ssl
Self signed certificates are never trusted, because anyone can make any certificate they want. That’s like me printing my own ID on a piece of paper and saying “I promise it’s me!” Nobody would trust that because I could have put anyone’s name there. Most people trust a document issued by the government, though, so ID’s made by them would be trusted.
If you create your own internal CA and place it’s root certificate in the trusted store on your machine, then certificates it issues will show as trusted to your machine. This is a complicated process, however.
The easiest thing to do would be to simply give that server a real domain name and get a certificate for that. You can then use your computer’s hosts file (Google that if you don’t know what I’m talking about) to direct requests to that domain to 127.0.0.1, which is localhost.
You can’t get a certificate for “localhost” name, but you can:
- choose a public domain name (MYNAME), which you control
- set your DNS records so that the domain name points to a server where you can run LE client
- get an LE certificate
- copy the new private key and certificate chain to where-ever you need the certificate.
- either a) set “hosts” file on the computer from which you connect so that MYNAME points to your IP address and then use MYNAME, instead of localhost b) set up the server, e.g., if it’s a web server, you can do redirect in apache/nginx configuration from localhost to MYNAME
thanks bro DanCvrcek
thanks jared …
You can also make a localhost.myname.com record and get a certificate for that, either by temporarily changing it to point at a publicly-routable IP address or by using the Let’s Encrypt DNS-01 challenge method, and then make localhost.myname.com resolve to the IP address 127.0.0.1 (localhost). Then you can access a service that has the certificate and key installed as https://localhost.myname.com/ from a browser running on that same machine.
This is just a tiny variantion on the methods that @DanCvrcek proposed.
Note that you are not allowed to distribute this private key with an application (some organizations have done this in violation of CAs’ terms of service, and the certificate can then be revoked). You can, however, use it for your own local development activities, as long as you don’t share the key with anybody else.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.