有时候在本地开发时候也需要配置ssl证书,这样保证和线上环境一样,更适合调试,所以本篇介绍如何配置本地免费ssl证书。

安装mkcert

linux安装

mkcert是Google公司开发的一款小工具,用来自签本地证书。

  • 安装certutil
1
2
3
4
5
6
7
sudo apt install libnss3-tools
-or-
sudo yum install nss-tools
-or-
sudo pacman -S nss
-or-
sudo zypper install mozilla-nss-tools

记得使用非root账号操作,否则报错!

1
2
3
4
5
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
test -d ~/.linuxbrew && eval $(~/.linuxbrew/bin/brew shellenv)
test -d /home/linuxbrew/.linuxbrew && eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv)
test -r ~/.bash_profile && echo "eval \$($(brew --prefix)/bin/brew shellenv)" >>~/.bash_profile
echo "eval \$($(brew --prefix)/bin/brew shellenv)" >>~/.profile
  • 安装mkcert
1
brew install mkcert

签署证书

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# root certbot
mkcert -install

# command
mkcert -key-file key.pem -cert-file cert.pem example.com *.example.com

# option
-cert-file FILE, -key-file FILE, -p12-file FILE
Customize the output paths.

-client
Generate a certificate for client authentication.

-ecdsa
Generate a certificate with an ECDSA key.

-pkcs12
Generate a ".p12" PKCS #12 file, also know as a ".pfx" file,
containing certificate and key for legacy applications.

-csr CSR
Generate a certificate based on the supplied CSR. Conflicts with
all other flags and arguments except -install and -cert-file.

展示

linux ssl
linux ssl