Is there anywhere that I can get a valid , signed, SSL cert to the "localhost" domain for testing?
Solution 1
I have a really hard time believing that exists, since it's against the nature of SSL.
The CA's that are in your root-certificate list are companies who we've given our trust to. Their job is to verify that the ones who own the certificate are the ones they claim to be. Giving a localhost
-certificate to anyone like this, would break this concept. Even for testing.
Solution 2
The localtest.me cert seems to be no longer available, but see https://github.com/Daplie/localhost.daplie.com-certificates. It's not a wildcard cert though.
Related videos on Youtube
djangofan
I always pay it forward. I ask questions so I can learn and I try to help others.
Updated on September 18, 2022Comments
-
djangofan over 1 year
Is there anywhere that I can get a valid , signed, SSL cert to the "localhost" domain for testing? Does anyone anywhere offer a download of something like this that I can use in testing? I know how to use openssl to sign a key with a CA, but there are a lot of steps involved and I am hoping there is something quick and easy.
What I want is a canned test CA that I can import into my trusted CA stores and then a accompanying jks keystore that has the cert chain in it for that CA.
So, it would be a 3 step process, within a protected sandbox :
1. Get a new distro of Jetty, enable the SSL connector, point it to the localhost.jks keystore 2. Import the CA that signed the localhost cert in the localhost.jks into my web browser 3. Browse to Tomcat on the SSL port , look at the cert and see the cert chain.
-
ravi yarlagadda over 12 yearsWhy not just use and trust a self-signed?
-
Greg Petersen over 12 yearsWrite your own shell script to do it, for e.g: gist.github.com/1121067
-
djangofan over 12 years@Shane Madden - since i test all the time with different JVMs and different browsers, i'd rather not have to import the trusted certificate over and over again all the time. the utopian idea would be to have a cert that belongs to one of the pre-trusted CAs.
-
-
djangofan over 12 yearsThats what I suspect also, but still hoping for a hail-mary answer. Otherwise I am going to have to take the time to create a script, setup openssl, get it all working, etc.
-
Ziron5 over 12 yearsIt's not that big of a job, you just have to create a self-signed certificate, which is the same thing minus the verification process + creating the ca certificates ... and then also import that ca-certificate to your list of trusted ca's.
-
Ziron5 over 12 years@andol My claim isn't that the concept is perfect. My claim is that the concept is what it is. SSL is a broken system, and you have to be aware that trusting the identities of the SSL-certificates mean trusting the Certificate Authority. I don't say they can be trusted. However, if one want to create spoofed certificates - phishing localhost isn't the most interesting target.
-
likeitlikeit almost 11 yearsThis actually exists, see readme.localtest.me
-
djangofan over 8 years@likeitlikeit Thanks for the link! Nice to see a real history of someone trying this. Seems like I could do the same thing with my own CA.
-
ZzZombo over 6 yearsNo longer works for this.
-
ZzZombo over 6 yearsUpdated link: git.daplie.com/Daplie/serve-https.