openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
Category: SSL
The certificate for this server is invalid
If you try to access an HTTPS website in the iOS simulator, you will see the error below.
Error loading page
Domain: NSURLErrorDomain
Error Code: -1202
Description: The certificate for this server is invalid. You might be connecting to a server that is pretending to be "your-domain.com" which could put your confidential information at risk.
Follow the steps below to get past the SSL certificate validation error by installing and trusting the certificate in the simulator:
1. Drag and drop the .crt file to the iOS simulator.
2. Go to Settings > General > Profile, select the cert and click “Install”.
3. Go to Settings > General > About > Certificate Trust Settings and turn on the “Enable Full Trust for Root Certificates” option.
Create a certificate for localhost on Mac OS
1. Generate cert
openssl req -x509 -out www.my-helper.test.crt -keyout www.my-helper.test.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=www.my-helper.test' -extensions EXT -config <( \
   printf "[dn]\nCN=www.my-helper.test\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:www.my-helper.test\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
2. Add the certificate to Keychain Access
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain www.my-helper.test.crt
3. Update Apache config
<VirtualHost 127.0.0.1:443>
    ...
    SSLEngine on
    # Restrict to strong cipher suites (no eNULL, EXPORT, LOW or SSLv2)
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /Applications/AMPPS/www/my-helper.test/certs/www.my-helper.test.crt
    SSLCertificateKeyFile /Applications/AMPPS/www/my-helper.test/certs/www.my-helper.test.key
</VirtualHost>
Reference:
https://letsencrypt.org/docs/certificates-for-localhost/
https://gist.github.com/jonathantneal/774e4b0b3d4d739cbc53
Apache SNI
Step 1. vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:443
Include /etc/httpd/conf/extra/httpd-vhosts.conf
Step 2. vim /etc/httpd/conf/extra/httpd-vhosts.conf
<VirtualHost *:443>
    DocumentRoot "/var/www/vhosts/my-helper.com/htdocs"
    ServerName my-helper.com
    ServerAlias www.my-helper.com
    <Directory "/var/www/vhosts/my-helper.com/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog "/var/www/vhosts/my-helper.com/logs/ssl_error_log"
    TransferLog "/var/www/vhosts/my-helper.com/logs/ssl_access_log"
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/my-helper.com/my-helper.com.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/my-helper.com/ca.key
    SSLCertificateChainFile /etc/pki/tls/certs/my-helper.com/gd_bundle.crt
</VirtualHost>
Check SSL cert expire date from the cert file (.pem)
openssl x509 -enddate -noout -in cert.pem
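The expiry check above, extended into checks worth running before pointing SSLCertificateFile and SSLCertificateKeyFile at a pair: does the cert expire soon, does the key belong to the cert, and is the host name in the subjectAltName. This is an added example, not part of the original notes; it assumes OpenSSL 1.1.1 or newer, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Assumes OpenSSL 1.1.1+ (-addext, -ext); function names are hypothetical.

# Exit 0 if the certificate in $1 expires within the next $2 days,
# 1 if it does not, 2 if the file is missing or is not a parsable certificate.
cert_expires_within() {
  openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
  if openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
  then return 1   # -checkend exits 0 when the cert is still valid after the window
  else return 0
  fi
}

# Exit 0 only if the public key in certificate $1 equals the one derived from key $2.
cert_matches_key() {
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Exit 0 if host name $2 is listed as a DNS subjectAltName in certificate $1.
# Fixed-string, whole-line match so dots in the name are not treated as wildcards.
cert_has_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# Constructed sample: throwaway self-signed pair ($1 crt, $2 key, $3 days, $4 host).
make_sample_cert() {
  openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days "$3" \
    -subj "/CN=$4" -addext "subjectAltName=DNS:$4" \
    -keyout "$2" -out "$1" >/dev/null 2>&1
}

# Report every certificate passed on the command line that expires within 30 days.
for crt in "$@"; do
  if cert_expires_within "$crt" 30; then echo "RENEW SOON: $crt"; fi
done
```

A key that does not match its certificate stops Apache from starting, so cert_matches_key is the check to run before a reload.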