3

As a web developer, I have a lot of websites locally on my computer. I am trying to set it up so that they can be accessed over HTTPS.

Here is the vhosts section of my http config

<VirtualHost *:80>
    ServerName test.local
    ServerAlias *.local
    VirtualDocumentRoot /home/jonathan/Sites/%-2/public_html
    CustomLog /home/jonathan/Sites/access.log vhost_combined
    ErrorLog /home/jonathan/Sites/error.log
</VirtualHost>

<VirtualHost *:443>
    ServerName test.local
    ServerAlias *.local
    VirtualDocumentRoot /home/jonathan/Sites/%-2/public_html
    CustomLog /home/jonathan/Sites/access.log vhost_combined
    ErrorLog /home/jonathan/Sites/error.log
    SSLEngine On
    SSLCertificateFile /home/jonathan/Sites/public.cert
    SSLCertificateKeyFile /home/jonathan/Sites/private.key
</VirtualHost>

I think this works as when I go to http://dotjs.local I am served index.html from /home/jonathan/Sites/dotjs/public_html/.

If I go to https://dotjs.local, I get a warning but if I ignore it, I also get served the same file.

I am having issues getting a certificate to work.

I followed (this)[https://blog.celogeek.com/201209/209/how-to-create-a-self-signed-wildcard-certificate/] guide to create my certificate except I named the files public.cert and private.key as per my vhosts config.

When creating the certificate with the following command: openssl req -new -x509 -nodes -sha1 -days 3650 -key private.key > public.cert

I entered the following (I have hidden some of my personal details):

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:{My county}
Locality Name (eg, city) []:{My city}
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Blar
Organizational Unit Name (eg, section) []:Blar
Common Name (e.g. server FQDN or YOUR name) []:*.local
Email Address []:{My email address}

I then import the host.perm into chromium but (after a restart) I still get the following:Chromium Responce

Jonathan Hodgson
  • 342
  • 1
  • 3
  • 16
  • Late versions of Chrome gives error unless the certificate have an SAN attribute. You can try to regenerate your certificate by adding SAN attr. with one DNS entry. You can check this link to have a such ceritificate. https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-command-line – LittleSmurfie Apr 27 '17 at 14:55
  • Thanks @LittleSmurfie, I've just tried in firefox and I'm getting the same – Jonathan Hodgson Apr 27 '17 at 19:15

0 Answers0