Rate this article: (11 votes, average: 2.09)
Is it a good idea to get an SSL certificate for localhost? Well, an SSL/TLS certificate is a good idea for almost anything. So, if you’re thinking of protecting your localhost environment with an SSL/TLS certificate, then you’re definitely thinking in the right direction – whether you’re looking to use localhost for local development or for distribution with a native application. In this article, we will show you how you can protect your localhost with SSL encryption within 5 minutes!
Before we get an SSL certificate working for your localhost, I have two pieces of news for you. One is good, and the other one is bad. Which one would you like to hear first? Okay, let’s practice some delayed gratification and hear the bad news first.
If you want to get a certificate authority (CA) to issue an SSL certificate for the localhost, you’re out of luck because that is not possible as certificate authorities stopped issuing localhost SSL certificates in 2015. This is because nobody uniquely owns the localhost, and it doesn’t have its roots in the top-level domains (TLD) like “.com” or “.org.”
Therefore, this process isn’t going to be the same as getting an SSL/TLS certificate the way you do for your website. So, how do you get an SSL certificate for localhost? Well, that’s the good news you’re waiting for.
The good news is, it’s very much possible to get an SSL certificate working for your localhost. It might not be an SSL certificate verified and issued by a trusted certificate authority (CA), but you can make it work. Do you know how? By becoming an SSL certificate authority yourself.
Warning: If you’re thinking about generating an SSL certificate for production applications, don’t! In such a case, you should setup your app on a URL or IP address (and you can get an OV certificate for an IP address).
Now, to install an SSL certificate for the localhost, you have to resort to a special kind of certificate known as a “self-signed SSL certificates.” As the name suggests, these certificates are generated by yourself, for yourself. Although this would cause a “Not Secure” warning in the web browser, but that should be fine as it encrypts the data.
Generating a self-signed SSL certificate is a relatively simple procedure. Here’s how you can create a private key and self-signed certificate with the following openssl command:
openssl req -x509 -out localhost.crt -keyout localhost.key \ -newkey rsa:2048 -nodes -sha256 \ -subj '/CN=localhost' -extensions EXT -config <( \ printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
Once this is done, you can configure your local web server with localhost.crt and localhost.key in your list of trusted roots.
Voila! You just created an SSL certificate by yourself and installed it on your localhost. How cool is that?
Get SSL certificates that authenticate your identity and secure your site with prices that start as low as $7.02 per year!