Self-Signed SSL Certificate (https) for 127.0.0.1 (localhost)

I’ve updated my old repository for generating SSL certificates that contain an IP SAN, which essentially allows you to call https on IP addresses. It is still based on Docker, and you can now generate the certificates with a single command:

docker run --rm -it -v$PWD:/certs firefoxmetzger/create_localhost_ssl

After filling in the required information, the container will generate the certificate, place it into your current folder and then self-destruct.

If you want the certificate stored in a different location, or if the $PWD environment variable isn’t defined (Windows, some Unix variants), replace $PWD with the location of your choice:

docker run --rm -it -v<absolute_path>:/certs firefoxmetzger/create_localhost_ssl

If you need to customize the certificate, you can supply your own config file:

docker run --rm -it -v$PWD:/certs -v<absolute/path/to/config.cfg>:/config.cfg firefoxmetzger/create_localhost_ssl

You can find the default config (and all other files) on GitHub, and – for your convenience – I pasted the config below, too.

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
subjectAltName=@alternate_names
[ alternate_names ]
IP.1 = 127.0.0.1
Default config.cfg
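
To confirm what a certificate built from this config asserts before you trust it, the following added example (not part of the original post or of the container's own scripts) generates one non-interactively from a trimmed copy of the config above and checks its IP SAN and CA flag. The file names, the commonName value, the 30-day lifetime and the `prompt = no` setting are assumptions.

```shell
#!/bin/sh
# Added example: build a certificate from a trimmed copy of the page's config,
# then inspect what it asserts. File names (ip.cfg, key.pem, cert.pem), the
# commonName and the 30-day lifetime are assumptions, not the container's values.

make_ip_cert() {  # usage: make_ip_cert <out_dir> <ip>
    dir=$1 ip=$2
    cat > "$dir/ip.cfg" <<EOF
[ req ]
default_bits = 2048
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = localhost
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
subjectAltName = @alternate_names
[ alternate_names ]
IP.1 = $ip
EOF
    # -nodes leaves the private key unencrypted on disk; acceptable for a
    # throwaway local development key only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/ip.cfg" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# Succeeds only if the certificate lists <ip> as an IP subjectAltName.
cert_has_ip_san() {  # usage: cert_has_ip_san <cert> <ip>
    openssl x509 -in "$1" -noout -text |
        grep -qE "IP Address:$2(,|[[:space:]]|\$)"
}

# Succeeds if the certificate is marked as a CA (basicConstraints CA:TRUE).
cert_is_ca() {  # usage: cert_is_ca <cert>
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}
```

After sourcing the file, `make_ip_cert . 127.0.0.1 && cert_has_ip_san cert.pem 127.0.0.1 && cert_is_ca cert.pem` succeeds for this config. Because the config sets `basicConstraints = CA:true`, a client that trusts the certificate will also accept certificates signed with its key, so keep key.pem private.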

Happy Coding.
