SSL on localhost

I apologize if this is slightly off topic, but there are lots of smart SSL folks here and this is possibly an easy question to answer.

I use LE on my production servers (works great–thank you) and I’m trying to set up SSL for my local development server (Ubuntu 18.04 LTS running on Windows 10 Linux Subsystem). Using OpenSSL I have it working for https://localhost, but when I try to create a cert for a virtual domain I’ve mapped to my server, like “https://local.mysite.com,” I keep getting the “NET::ERR_CERT_COMMON_NAME_INVALID” from my browsers.

In other words I’m able to generate .crt and .key files but something isn’t right about how I’m handling the domain names in the configuration. I’ve been all over Google and just can’t seem to get a handle on it.

In my configuration I have:
CN = local.mysite.com

Is this wrong? My method worked fine when it was CN = localhost but I can’t get it to work with a domain name. Tried a trailing period and other methods but no dice.

Any guidance appreciated. Thanks.

“localhost” (as FQDN) or 127.0.0.1, ::1 get special treatment from the browser, as it’s obvious you are looking for your own machine and unlikely to be modified.
“local.mysite.com” doesn’t have such treatment, so you’ll need a publicly trusted certificate.

Consider using https://github.com/FiloSottile/mkcert to create locally trusted certificates for any domain.

Hey thanks everyone for chiming in so quickly.

Believe it or not I finally got this working, with a little help from How to Create Your Own SSL Certificate Authority for Local HTTPS Development.

Here's the config. that seemed to do the trick:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = local.mysite.com
DNS.2 = local.mysite.com.127.0.0.0.xip.io

Thanks again. I won't tell you how many hours I've been burning trying to crack this one! Feels good to finally get it right.
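
The failure and the fix from this thread, as an added example that is not part of any post: current browsers match the hostname against subjectAltName and ignore CN, so a certificate carrying only `CN = local.mysite.com` produces NET::ERR_CERT_COMMON_NAME_INVALID. The script builds a throwaway CA, then signs one CN-only certificate and one using the extension file quoted above; the file names, the CA subject and the helper function names are assumptions.

```sh
# Added example (not from the thread). File names, the CA subject and the
# helper function names are assumptions.

# make_ca DIR: self-signed root key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Local Dev CA (example)" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}
# issue_leaf DIR NAME HOST [EXTFILE]: CA-signed DIR/NAME.crt with CN=HOST.
issue_leaf() {
    d=$1 n=$2 h=$3 ext=${4:-}
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$h" \
        -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    set -- -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 30 -out "$d/$n.crt"
    if [ -n "$ext" ]; then set -- "$@" -extfile "$ext"; fi
    openssl x509 "$@" 2>/dev/null
}
# write_ext FILE: the extension file quoted in the post, unchanged.
write_ext() {
    cat > "$1" <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = local.mysite.com
DNS.2 = local.mysite.com.127.0.0.0.xip.io
EOF
}
# has_san CERT HOST: true only if CERT lists HOST as a DNS subjectAltName.
has_san() {
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -Fxq "DNS:$2"
}
# chains_to_ca DIR CERT: true if CERT verifies against DIR/ca.pem.
chains_to_ca() { openssl verify -CAfile "$1/ca.pem" "$2" >/dev/null 2>&1; }

work=$(mktemp -d)
make_ca "$work" && write_ext "$work/leaf.ext" &&
    issue_leaf "$work" cn_only local.mysite.com &&
    issue_leaf "$work" with_san local.mysite.com "$work/leaf.ext"
for c in cn_only with_san; do
    has_san "$work/$c.crt" local.mysite.com && echo "$c: SAN ok" || echo "$c: no SAN"
done
```

Both certificates chain to the CA, but only `with_san.crt` names the host in subjectAltName. A browser accepts it only after `ca.pem` has been imported into the OS or browser trust store on the development machine.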
