Using Self-Signed SSL Certificates
Although self-signed SSL certificates are not trusted by public Certificate Authorities (CAs), they are still very useful in local development and testing environments. This article will explain how to use the OpenSSL tool included with ServBay to generate a self-signed ECC (Elliptic Curve Cryptography) SSL certificate and configure these certificates in ServBay. We will use servbay.demo as an example.
Step 1: Generating a Self-Signed ECC SSL Certificate
First, we recommend users to use ECC certificates because they offer better security and performance. Here are the specific steps:
Generate ECC Private Key
Open the terminal and run the following command to generate an ECC private key:
shopenssl ecparam -genkey -name prime256v1 -out servbay.demo.keyGenerate Certificate Signing Request (CSR)
Use the generated private key to create a certificate signing request:
shopenssl req -new -key servbay.demo.key -out servbay.demo.csrDuring this process, you will need to provide some information. Here is an example input:
Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:Hong Kong Locality Name (eg, city) []:Kowloon Organization Name (eg, company) [Internet Widgits Pty Ltd]:ServBay Organizational Unit Name (eg, section) []:Development Common Name (e.g. server FQDN or YOUR name) []:servbay.demo Email Address []:[email protected]Generate Self-Signed Certificate
Use the CSR and private key to generate a self-signed SSL certificate with a validity of 365 days:
shopenssl x509 -req -days 365 -in servbay.demo.csr -signkey servbay.demo.key -out servbay.demo.crt
Step 2: Using Self-Signed SSL Certificates in ServBay
After generating the self-signed ECC SSL certificate, the next step is to configure these certificates in ServBay. Please place the generated certificate files in the /Applications/ServBay/ssl directory for easy management and usage.
Move Certificate Files to the Specified Directory
Use the following commands to move the generated certificate files to the
/Applications/ServBay/ssldirectory:shmv servbay.demo.key /Applications/ServBay/ssl/private/tls-certs/servbay.demo/ mv servbay.demo.crt /Applications/ServBay/ssl/private/tls-certs/servbay.demo/ mv servbay.demo.csr /Applications/ServBay/ssl/private/tls-certs/servbay.demo/Open ServBay Management Panel
Start the ServBay application and enter the management panel.
Add Host
Select the
Hostoption in the management panel.Select SSL Certificate Issuance Method
During the host addition process, you will see an option to choose the SSL certificate issuance method. Select
Custom.Specify Certificate Files
In the
certificate key fileandcertificate filefields, specify the generated private key file and certificate file respectively:- Certificate Private Key File:
/Applications/ServBay/ssl/private/tls-certs/servbay.demo/servbay.demo.key - Certificate File:
/Applications/ServBay/ssl/private/tls-certs/servbay.demo/servbay.demo.crt
- Certificate Private Key File:
Set Hostname and Domain Name
Enter
servbay.demoin the domain name field.Complete Host Addition
Follow the prompts to complete the process of adding the host. Your host will now use the self-signed ECC SSL certificate.
Verify Configuration
After completing the above steps, you can access the configured host through the browser. If the browser indicates that the certificate is untrusted, this is normal because self-signed certificates are not recognized by public CAs. You can choose to manually trust the certificate to continue.
Conclusion
By following the above steps, you can generate and use self-signed ECC SSL certificates in ServBay. Although self-signed certificates are not publicly trusted, they provide a convenient solution for local development and testing. We hope this article helps you successfully configure self-signed SSL certificates and improve your development efficiency.