在本地开发中,有时候经常需要模拟https环境,以前这些步骤需要一系列繁琐的openssl命令生成,尽管有脚本化的方案帮助简化输入这些命令。但是仍然觉得对本地开发不那么友好,有些繁重了。

本文将介绍一种更加简单友好的方式生成本地https证书,并且信任自签CA的方案——mkcert

安装

先安装certutil:

yum install nss-tools

再安装mkcert:

curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
chmod +x mkcert-v1.4.4-linux-amd64
mv mkcert-v1.4.4-linux-amd64 /usr/local/bin/mkcert

运行mkcert,看到下面内容就表示安装成功:

Usage of mkcert:

$ mkcert -install
Install the local CA in the system trust store.

$ mkcert example.org
Generate "example.org.pem" and "example.org-key.pem".

$ mkcert example.com myapp.dev localhost 127.0.0.1 ::1
Generate "example.com+4.pem" and "example.com+4-key.pem".

$ mkcert "*.example.it"
Generate "_wildcard.example.it.pem" and "_wildcard.example.it-key.pem".

$ mkcert -uninstall
Uninstall the local CA (but do not delete it).

使用install将mkcert使用的根证书加入了本地可信CA中,以后由该CA签发的证书在本地都是可信的。

mkcert -install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊

生成证书

mkcert -key-file localhost.key -cert-file localhost.cert localhost 127.0.0.1 ::1

Note: the local CA is not installed in the system trust store.
Note: the local CA is not installed in the Firefox and/or Chrome/Chromium trust store.
Run "mkcert -install" for certificates to be trusted automatically ⚠️

Created a new certificate valid for the following names 📜
- "localhost"
- "127.0.0.1"
- "::1"

The certificate is at "localhost.cert" and the key at "localhost.key" ✅

It will expire on 27 September 2026 🗓

可以看到生成了localhost.key和localhost.cert,直接在server中使用就可以了

0
本文为原创文章,转载请注明出处,欢迎访问作者网站(和而不同)

发表评论

error: Content is protected !!