Issue localhost development server certificates signed by own Private Certificate Authority in no time.
Use !pric only for development on local hosts. For public hosts consider using Let's Encrypt!
Self-signed certificates cause trust errors and issuing locally-trusted development certificates signed by a real
Certificate Authority (CA) can be dangerous or even impossible for the hosts like 127.0.0.1
or localhost
.
!pric automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates.
Download !pric sources via browser and unzip archive.
Or just download and untar it with terminal command:
wget -c https://github.com/pric/pric/archive/master.tar.gz -O - | tar -xz
Go to the extracted pric-master
directory and execute pric.sh
terminal command:
sh pric.sh
This command will:
- Generate Certificate Authority private key in
/usr/local/share/ca-certificates/!pric/ca.key
- Generate Certificate Authority self-signed certificate in
/usr/local/share/ca-certificates/!pric/ca.crt
- Update operating system Certificate Authority registry
- Generate localhost private key in
./output/localhost.key
- Generate localhost certificate signing request in
./output/localhost.csr
- Generate localhost certificate signed by Certificate Authority in
./output/localhost.crt
- Compile PEM file in
~/localhost-certificate.pem
(required for Reverse proxy for PHP built-in server)
Terminal output:
- Go to
about:preferences
in address bar. - Search for
Certificates
and clickView Cerficicates
button. - In
Authorities
tab clickImport
and choose/usr/local/share/ca-certificates/!pric/ca.crt
certificate.
!pric
Certificate Authority will be added to the list.
- Go to
chrome://settings/certificates
in address bar. - In
Authorities
tab clickImport
and choose/usr/local/share/ca-certificates/!pric/ca.crt
certificate.
org-!pric
Certificate Authority will be added to the list.
- macOS system store
- Linux system store
- update-ca-trust (RHEL, CentOS, Fedora) or
- update-ca-certificates (Ubuntu, Debian, OpenSUSE, SLES)
By default !pric
creates certificate for the following domain names:
localhost
test.localhost
*.test.localhost
(wildcard)
This list could be changed in ./openssl.dns.cnf
file (!pric
creates missing config file on start).
Run web development server on 4000 port and try to access it via cURL:
$ curl -v https://localhost:4000
* Rebuilt URL to: https://localhost:4000/
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 4000 (#0)
* found 150 certificates in /etc/ssl/certs/ca-certificates.crt
* found 602 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: localhost (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: O=!pric,CN=localhost
* start date: Mon, 21 Oct 2019 00:11:45 GMT
* expire date: Wed, 27 Sep 2119 00:11:45 GMT
* issuer: O=!pric,CN=localhost
* compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.47.0
> Accept: */*
!pric
is open-sourced software licensed under the MIT license by Anton Komarev.IT Specialist Help
logo image licensed under Creative Commons 3.0 by Gan Khoon Lay.