Self-signed certificates

Modern web browsers are making it more and more difficult to use unsecured HTTP, even when debugging on a local machine where trust is inherent. Therefore, web developers must set up self-signed certificates on their development machines for the most basic operations.

This guide shows how to set up a local development machine with self-signed certificates for secure HTTP (HTTPS) debugging.

Become your own Certificate Authority (CA)
It all boils down to trust. Certificate authorities are holders of private/public key pairs that are known to be trusted. How do they get on The List? We don't care. They are there and we are not. So we have to establish ourselves as our own trusted certificate authority and add ourselves to the trusted authorities list. This is probably a good time to brush up on modern security concepts like private keys, public keys, and what a "certificate" is. Here are the steps for setting up your own local certificate authority:
Generate a key: e.g. CA-local.key
openssl genrsa -des3 -out CA-local.key 2048
Generate a root certificate: e.g. CA-local.pem
openssl req -x509 -new -nodes -key CA-local.key -sha256 -days 3653 -out CA-local.pem
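Add the root certificate to your Linux development machine. Run this from the directory that holds CA-local.pem; the symlink target must be an absolute path, otherwise the link dangles.
sudo ln -s "$(pwd)/CA-local.pem" /usr/local/share/ca-certificates/CA-local.crt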
sudo update-ca-certificates
Add the root certificate to your browser.
Import the certificate into your Certificate authorities in Settings|Privacy and security|Manage certificates|Authorities|Import
Add the certificate to Chromium-based browsers, which read the NSS database. The C trust flag marks it as a trusted CA for server certificates.
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n CA-local -i CA-local.pem
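
The steps above end once the CA is trusted. As an added example (not part of the original guide), this script builds a throwaway CA with the same openssl commands, signs a localhost certificate with it, and shows that the certificate validates only when CA-local.pem is the trust anchor and the host name matches. The localhost.* and demo.cnf file names and the "CA-local demo" subject are assumptions, and the demo CA key is unencrypted so the script runs without prompts.

```sh
# Scratch-directory demo: throwaway CA plus a localhost certificate.
# localhost.*, demo.cnf and the "CA-local demo" subject are assumed names.
build_demo_pki() {  # $1 = scratch directory
  d=$1
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = CA-local demo
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:localhost,IP:127.0.0.1
EOF
  # CA key is unencrypted only so the demo runs without a passphrase prompt.
  # Order: CA key, root cert, leaf key, leaf CSR, CSR signed by the CA.
  openssl genrsa -out "$d/CA-local.key" 2048 2>/dev/null &&
  openssl req -x509 -new -key "$d/CA-local.key" -sha256 -days 3653 \
    -config "$d/demo.cnf" -out "$d/CA-local.pem" &&
  openssl genrsa -out "$d/localhost.key" 2048 2>/dev/null &&
  openssl req -new -key "$d/localhost.key" -subj "/CN=localhost" \
    -config "$d/demo.cnf" -out "$d/localhost.csr" &&
  openssl x509 -req -in "$d/localhost.csr" -CA "$d/CA-local.pem" \
    -CAkey "$d/CA-local.key" -CAcreateserial -sha256 -days 30 \
    -extfile "$d/demo.cnf" -extensions v3_leaf \
    -out "$d/localhost.crt" 2>/dev/null
}

# $1 = directory, $2 = host name the client expects. Succeeds only if the
# chain ends at CA-local.pem and the name is in the subjectAltName.
verify_with_ca() {
  openssl verify -CAfile "$1/CA-local.pem" -verify_hostname "$2" \
    "$1/localhost.crt" >/dev/null 2>&1
}

# Default trust store only: the demo CA is not in it, so this fails.
verify_without_ca() {
  openssl verify "$1/localhost.crt" >/dev/null 2>&1
}

tmp=$(mktemp -d) && build_demo_pki "$tmp" &&
  verify_with_ca "$tmp" localhost && echo "trusted via CA-local.pem"
verify_without_ca "$tmp" || echo "rejected without CA-local.pem"
rm -rf "$tmp"
```

For a CA that is actually installed in a trust store, keep the key passphrase-protected as in the first step of the guide.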