Create a self-signed SSL certificate and update Keychain Access on MacOS
Easily create a self-signed SSL certificate and update Keychain Access on MacOS using the terminal.
Creating a self-signed SSL certificate and updating Keychain Access on MacOS might be tricky. However, with mkcert this process can be done easily.
How to create a self-signed certificate with the command line?
We’ll use a simple tool called mkcert to make locally trusted development certificates. Here are the steps:
Install mkcert using brew:
brew install mkcert brew install nss # if you use Firefox
Generate a self-signed certificate for your local domain:
mkcert --install localhost.example.com
This should generate certificates:
./localhost.example.com-client-key.pem
and./localhost.example.com-client.pem
john@MacBook ~ % mkcert --client --install localhost.example.com The local CA is already installed in the system trust store! The local CA is already installed in the Firefox trust store! Created a new certificate valid for the following names - "localhost.example.com" The certificate is at "./localhost.example.com-client.pem" and the key at "./localhost.example.com-client-key.pem" It will expire on 20 July 2025
That’s all.
Updating Nginx configuration
Those who use Nginx may want to update the configuration. Example:
server { listen *:443 ssl http2; root /var/www/example; server_name localhost.example.com; ssl_certificate /path/to/certificate/localhost.example.com-client.pem; ssl_certificate_key /path/to/certificate/localhost.example.com-client-key.pem; }
If Nginx were installed using brew don’t forget to restart Nginx:
brew services restart nginx
Comments