What are the best ways and practices to manage local SSL certificates with my own CA, to get local HTTPS sites like https://testsite.local ?
by ZhaoLin1457 from LinuxQuestions.org on (#5DRN7)
I try to to setup a Slackware box (technically a laptop) for a friend who's web developer, but not a Slacker.
He have idea how to use a Linux operating system, but has no interests and time to become a Linux Guru. So I try to automatize a bit the things for him.
As preamble, I think that Slackware-current looks like an ideal platform for a web-developer specialized on PHP sites, who needs a desktop with a good editor, the major web browsers and a LAMP server running in background to permit to inspect the site on development.
Our -current has now Plasma5, with Kate and KDevelop, which looks being quite decent for PHP development (at least so says my friend) and also it have Apache, PHP and MySQL, exactly what we need for the local web server.
However, there's a condition: he needs to use local HTTPS sites for testing and Let's Encrypt does not help on this case.
My idea is to create a set of scripts which could be used to create, remove or list the local sites and until now, I've managed to configure the Apache (and the associated PHP and MySQL) to use a directory /etc/httpd/vhosts , where are put config files defining virtual hosts and also I used a poor man's local DNS resolution, adding/removing the local sites from /etc/hosts
So, I'm currently able to create and run locally over HTTP a PHP site with MySQL support, named like: http://testsite.local
However, at final this site should use the HTTPS, like https://testsite.local
And another condition is that this local HTTPS site should work fine with Firefox, Chromium, Chrome and Microsoft Edge for Linux. Of course, everything locally.
For this, I understand that I need to create a convenient master CA certificate to be put into /etc/ssl/certs then to generate SSL certificates for every local site.
And there comes my question:
what are the best ways and practices to manage local SSL certificates for sites living literally in the box and not accessible from outside?
He have idea how to use a Linux operating system, but has no interests and time to become a Linux Guru. So I try to automatize a bit the things for him.
As preamble, I think that Slackware-current looks like an ideal platform for a web-developer specialized on PHP sites, who needs a desktop with a good editor, the major web browsers and a LAMP server running in background to permit to inspect the site on development.
Our -current has now Plasma5, with Kate and KDevelop, which looks being quite decent for PHP development (at least so says my friend) and also it have Apache, PHP and MySQL, exactly what we need for the local web server.
However, there's a condition: he needs to use local HTTPS sites for testing and Let's Encrypt does not help on this case.
My idea is to create a set of scripts which could be used to create, remove or list the local sites and until now, I've managed to configure the Apache (and the associated PHP and MySQL) to use a directory /etc/httpd/vhosts , where are put config files defining virtual hosts and also I used a poor man's local DNS resolution, adding/removing the local sites from /etc/hosts
So, I'm currently able to create and run locally over HTTP a PHP site with MySQL support, named like: http://testsite.local
However, at final this site should use the HTTPS, like https://testsite.local
And another condition is that this local HTTPS site should work fine with Firefox, Chromium, Chrome and Microsoft Edge for Linux. Of course, everything locally.
For this, I understand that I need to create a convenient master CA certificate to be put into /etc/ssl/certs then to generate SSL certificates for every local site.
And there comes my question:
what are the best ways and practices to manage local SSL certificates for sites living literally in the box and not accessible from outside?