Using Self-Signed SSL Certificates
Although self-signed SSL certificates are not trusted by public certification authorities (CAs), they are still very useful in local development and testing environments. This article will introduce how to generate a self-signed ECC (Elliptic Curve Cryptography) SSL certificate using the built-in OpenSSL tool in ServBay and configure these certificates in ServBay. We will use servbay.demo as an example for illustration.
Step One: Generate a Self-Signed ECC SSL Certificate
First, we recommend using ECC certificates as they offer higher security and better performance. Here are the specific steps:
Generate an ECC Private Key
Open a terminal and run the following command to generate an ECC private key:
shopenssl ecparam -genkey -name prime256v1 -out servbay_demo.keyGenerate a Certificate Signing Request (CSR)
Use the generated private key to create a certificate signing request:
shopenssl req -new -key servbay_demo.key -out servbay_demo.csrDuring this process, you will need to provide some information. Here is an example input:
Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:Hong Kong Locality Name (eg, city) []:Kowloon Organization Name (eg, company) [Internet Widgits Pty Ltd]:ServBay Organizational Unit Name (eg, section) []:Development Common Name (e.g. server FQDN or YOUR name) []:servbay.demo Email Address []:[email protected]Generate the Self-Signed Certificate
Use the CSR and private key to generate a self-signed SSL certificate valid for 365 days:
shopenssl x509 -req -days 365 -in servbay_demo.csr -signkey servbay_demo.key -out servbay_demo.crt
Step Two: Use the Self-Signed SSL Certificate in ServBay
After generating the self-signed ECC SSL certificate, the next step is to configure these certificates in ServBay. Place the generated certificate files in the /Applications/ServBay/ssl directory for easy management and use.
Move the Certificate Files to the Specified Directory
Use the following commands to move the generated certificate files to the
/Applications/ServBay/ssldirectory:shmv servbay_demo.key /Applications/ServBay/ssl/ mv servbay_demo.crt /Applications/ServBay/ssl/ mv servbay_demo.csr /Applications/ServBay/ssl/Open the ServBay Management Panel
Start the ServBay application and go to the management panel.
Add a Host
Choose the
Hostoption in the management panel.Select the SSL Certificate Issuance Method
During the process of adding a host, you will see an option for selecting the SSL certificate issuance method. Choose
Custom.Specify the Certificate Files
In the
certificate key fileandcertificate filefields, specify the paths to the private key file and certificate file you generated:- Certificate private key file:
/Applications/ServBay/ssl/servbay_demo.key - Certificate file:
/Applications/ServBay/ssl/servbay_demo.crt
- Certificate private key file:
Set the Hostname and Domain Name
In the domain name field, enter
servbay.demo.Complete Adding the Host
Follow the prompts to complete the process of adding the host. At this point, your host will use the self-signed ECC SSL certificate.
Verify the Configuration
After completing the above steps, you can access the configured host through a browser. If the browser indicates that the certificate is not trusted, this is normal because self-signed certificates are not recognized by public trust authorities. You can choose to manually trust the certificate to continue accessing.
Summary
By following the above steps, you can generate and use a self-signed ECC SSL certificate in ServBay. Although self-signed certificates are not publicly trusted, they provide a convenient solution for local development and testing. We hope this article helps you successfully configure self-signed SSL certificates and improve your development efficiency.