In my last article I described how to generate your own self-signed SSL certificates and add them to macOS Keychain so that your browser doesn’t give you a privacy error. Soon after it was published, Ross McKay made a very interesting comment on that article:
If you have a few servers you need to do this with, you can just create yourself a CA (Certifying Authority) certificate and load that instead. Then your self-signed certs, signed by your CA cert, will all be accepted without you needing to load each one.
So basically he’s saying that I can be a certificate authority (CA) like Let’s Encrypt, Amazon, Verisign, Comodo, etc., but just for my local network. How did I not know about that? So cool. But how does it work exactly?
How It Works
After some research I think I get it now. To request a certificate from a CA like Verisign, you send them a Certificate Signing Request (CSR), and they give you a certificate in return that they signed using their root certificate and private key. All browsers have a copy (or access a copy from the operating system) of Verisign’s root certificate, so the browser can verify that your certificate was signed by a trusted CA.
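The flow described above, as an added example that is not code from the original article: a private CA signs a CSR, and a client accepts the resulting certificate only when it trusts that CA's root. It assumes the `openssl` command-line tool is installed; "Local Dev CA", `dev.example.test` and the function names are constructed placeholders. It goes one step past the text by also checking the certificate against an unrelated root with the same name, which is rejected.

```bash
#!/bin/sh
# Added example: CSR -> CA signature -> verification against a trusted root.
# "Local Dev CA" and dev.example.test are constructed placeholder names.

make_ca() {        # $1 = directory that will hold ca.key and ca.pem
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
  openssl req -x509 -new -key "$1/ca.key" -sha256 -days 365 \
    -subj "/CN=Local Dev CA" -out "$1/ca.pem"
}

make_csr() {       # $1 = directory, $2 = hostname; the server keeps its own key
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
}

sign_csr() {       # $1 = CA directory, $2 = hostname; the CA signs the request
  # Leaf certificate: not a CA itself, hostname carried in subjectAltName.
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > "$1/$2.ext" &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 90 -extfile "$1/$2.ext" \
    -out "$1/$2.crt" 2>/dev/null
}

verify_leaf() {    # $1 = root the client trusts, $2 = certificate presented
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: one root the client trusts, one unrelated CA that has the same name.
demo_dir=$(mktemp -d) && mkdir "$demo_dir/trusted" "$demo_dir/other"
make_ca "$demo_dir/trusted" && make_ca "$demo_dir/other"
make_csr "$demo_dir/trusted" dev.example.test
sign_csr "$demo_dir/trusted" dev.example.test
for root in trusted other; do
  if verify_leaf "$demo_dir/$root/ca.pem" "$demo_dir/trusted/dev.example.test.crt"
  then echo "root '$root': certificate accepted"
  else echo "root '$root': certificate rejected"
  fi
done
rm -rf "$demo_dir"
```

The CA's private key (`ca.key`) is what makes the signature possible, so anyone who obtains it can issue certificates that every machine trusting `ca.pem` will accept.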
That’s
Source: https://managewp.org/articles/15714/how-to-create-your-own-ssl-certificate-authority-for-local-https-development
source https://williechiu40.wordpress.com/2017/07/25/how-to-create-your-own-ssl-certificate-authority-for-local-https-development/