Generate a CSR for production use:
openssl req -nodes -newkey rsa:2048 -sha256 -keyout mysite-ssl.private-key.pem -out mysite-ssl.csr -subj ' /C=US/ST=California/L=Palo Alto/O=My Company Inc./CN=*.example.com'
Generate a long-lasting self-signed cert & trust it for localhost development usage:
openssl req -nodes -newkey rsa:2048 -sha256 -x509 -days 3650 -keyout selfsigned.key -out selfsigned.crt -subj ' /C=US/ST=Anywhere/L=Anywhere/O=Localhost/CN=local.example.com'
Tell OS X to remember & trust a self-signed certificate
sudo security add-trusted-cert -p ssl -d -r trustRoot -k ~ /Library/Keychains/login.keychain selfsigned.crt
Generate a long-lasting self-signed multi-domain (SAN) cert & trust it for localhost development usage:
openssl req \
-nodes \
-newkey rsa:2048 \
-sha256 \
-x509 \
-days 3650 \
-keyout selfsigned.key \
-out selfsigned.crt \
-subj ' /C=US/ST=California/L=Palo Alto/O=My Company Inc./CN=example.com' \
-config <(
cat << -EOF
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
[req_distinguished_name]
countryName =
countryName_default =
stateOrProvinceName =
stateOrProvinceName_default =
localityName =
localityName_default =
organizationalUnitName=
OrganizationallUnitName_default=
commonName =
commonName_max= 64
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = example.org
EOF
)