Self-Signed SSL Certificate (https) for 127.0.0.1 (localhost)

I’ve updated my old repository on generating SSL certificates containing an IP SAN, which essentially allows to call https on IP addresses. It is still based on Docker, and now you can generate the certificates in a single command

docker run --rm -it -v$PWD:/certs firefoxmetzger/create_localhost_ssl

After filling in the required information, the container will generate the certificate, place it into your current folder and then self-destruct.

If you want the certificate stored in a different location, or if the $PWD environment variable isn’t defined (Windows, some unix variants). Replace $PWD with the location of your choice:

docker run --rm -it -v<absolute_path>:/certs firefoxmetzger/create_localhost_ssl

If you need to customize the certificate you can supply your own config file

docker run --rm -it -v$PWD:/certs -v<absolute/path/to/config.cfg>:/config.cfg firefoxmetzger/create_localhost_ssl

You can find the default config (and all other files) on GitHub, and – for your convenience – I pasted the config below, too.

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
subjectAltName=@alternate_names
[ alternate_names ]
IP.1 = 127.0.0.1
view raw config.cfg hosted with ❤ by GitHub
Defaul config.cfg

Happy Coding.

One thought on “Self-Signed SSL Certificate (https) for 127.0.0.1 (localhost)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s