问题
I've gone through the steps detailed in How do you use https / SSL on localhost? but this sets up a self-signed cert for my machine name, and when browsing it via https://localhost I receive the IE warning.
Is there a way to create a self-signed cert for "localhost" to avoid this warning?
回答1:
Although this post is post is tagged for Windows, it is relevant question on OS X that I have not seen answers for elsewhere. Here are steps to create a self-signed cert for localhost on OS X:
# Use 'localhost' for the 'Common name'
openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -keyout localhost.key -out localhost.crt
# Add the cert to your keychain
open localhost.crt
In Keychain Access, double-click on this new localhost cert. Expand the arrow next to "Trust" and choose to "Always trust". Chrome and Safari should now trust this cert. For example, if you want to use this cert with node.js:
var options = {
key: fs.readFileSync('/path/to/localhost.key').toString(),
cert: fs.readFileSync('/path/to/localhost.crt').toString(),
ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384',
honorCipherOrder: true,
secureProtocol: 'TLSv1_2_method'
};
var server = require('https').createServer(options, app);
回答2:
You can use PowerShell to generate a self-signed certificate with the new-selfsignedcertificate cmdlet:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
Note: makecert.exe is deprecated.
Cmdlet Reference: https://technet.microsoft.com/itpro/powershell/windows/pkiclient/new-selfsignedcertificate
回答3:
After spending a good amount of time on this issue I found whenever I followed suggestions of using IIS to make a self signed certificate, I found that the Issued To and Issued by was not correct. SelfSSL.exe was the key to solving this problem. The following website not only provided a step by step approach to making self signed certificates, but also solved the Issued To and Issued by problem. Here is the best solution I found for making self signed certificates. If you'd prefer to see the same tutorial in video form click here.
A sample use of SelfSSL would look something like the following:
SelfSSL /N:CN=YourWebsite.com /V:1000 /S:2
SelfSSL /? will provide a list of parameters with explanation.
回答4:
Since this question is tagged with IIS and I can't find a good answer on how to get a trusted certificate I will give my 2 cents about it:
First use the command from @AuriRahimzadeh in PowerShell as administrator:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
This is good but the certificate is not trusted and will result in the following error. It is because it is not installed in Trusted Root Certification Authorities.
Solve this by starting mmc.exe.
Then go to:
File -> Add or Remove Snap-ins -> Certificates -> Add -> Computer account -> Local computer
Expand the Personal folder and you will see your localhost certificate:
Copy this into Trusted Root Certification Authorities - Certificates
The final step is to open Internet Information Services (IIS) Manager or simply inetmgr.exe. From there go to your site, select Bindings... and Add... or Edit.... Set https and select your certificate from the drop down.
Your certificate is now trusted:
回答5:
If you are trying to create a self signed certificate that lets you go http://localhost/mysite
Then here is a way to create it
makecert -r -n "CN=localhost" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.1 -sv localhost.pvk localhost.cer
cert2spc localhost.cer localhost.spc
pvk2pfx -pvk localhost.pvk -spc localhost.spc -pfx localhost.pfx
From http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/32bc5a61-1f7b-4545-a514-a11652f11200
回答6:
I would recomment Pluralsight's tool for creating self-signed-certs: http://blog.pluralsight.com/selfcert-create-a-self-signed-certificate-interactively-gui-or-programmatically-in-net
Make your cert as a .pfx and import it into IIS. And add it as a trusted root cert authority.
回答7:
Yes and no. Self signed certificates result in that warning message because the certificate was not signed by a trusted Certificate Authority. There are a few options that you can consider to remove this warning on your local machine. See the highest ranked answers to this question for details:
What do I need to do to get Internet Explorer 8 to accept a self signed certificate?
Hope this helps!
EDIT:
Sorry, I wasn't initially aware that you were constrained to localhost. You can attempt to follow the directions on the the link below to "Generate a Self Signed Certificate with the Correct Common Name."
http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html
来源:https://stackoverflow.com/questions/8169999/how-can-i-create-a-self-signed-cert-for-localhost