Installing SSL Certificate with Passenger in Development on MacOS
Installing SSL Certificate with Passenger in development on macOS is quite advantageous since it will enable you to notice and address problems in the staging and production stage of your project. Due to this reason, it would be best to have your SSL Certificate installed during the development stage instead of a later time.
Godaddy is a great option for reliable, cheap SSL certs. Get the best price.
Installing SSL Certiricate with Passenger on MacOS
If you already have a certificate assigned to the production stage, you can use it on the development stage. However, if you wish to use a different or self-signed certificate, you can do so by following the guideline below:
- Using a production certificate on development stage.
If you wish to use your production certificate, you can do so by opening Passenger:
sudo passenger start –ssl –environment development –ssl-certificate “/path/to/certificate.pem” –ssl-certificate-key “/path/to/key.pem” –port 443
- Installing Homebrew.
If you opted for a self-signed certificate for the development stage of your project, install Homebrew to make software installation easier. Run the code below to do this:
# if you haven’t already installed homebrew, run this command and follow the prompts (the defaults are sane and what we’ll be assuming here)
/usr/bin/ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)”
# start here if homebrew is already installed
brew install openssl passenger dnsmasq
- Configuring OpenSSL.
To configure OpenSSL, uncomment the lines below. These will allow functions that you will need later:
# unique_subject = no # allows you to recreate the cert as needed, for example to add more domains
# copy_extensions = copy # allows you to have many domains
# req_extensions = v3_req # allows you to have many domains
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment # makes cert work with modern browsers
# keyUsage = cRLSign, keyCertSign # makes cert work with modern browsers
You should also modify these values:
efault_days = 3650 # there’s no reason to have to redo this every year, set to 10 years
default_md = sha256 # this is the default value in openssl 1.1.0, and it’s needed for modern browsers
- Creating a new certificate.
Run this code to create the demoCA directory:
You will need to trust your new certificate and key pair:
sudo /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/certs/demoCA/cacert.pem
Now, it’s time to sign the certificate:
- Configuring the DNS.
After trusting your self-signed certificate, you should configure the DNS. It will set up Dnsmasq & configure your top level domain so that you won’t have to repeatedly save on your localhost.
echo ‘address=/dev/127.0.0.1’ >> `brew –prefix`/etc/dnsmasq.conf
sudo cp `brew –prefix dnsmasq`/homebrew.mxcl.dnsmasq.plist /Library/LaunchDaemons/
sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
sudo mkdir -p /etc/resolver
sudo echo ‘nameserver 127.0.0.1’ > /etc/resolver/dev
After this, restart Passenger and check your project on Chrome over HTTPS. You should not have any trouble doing so.
If you want to protect the development stage using a CA-signed certificate, go to GoDaddy or Symantec. These certificate authorities will also be able to assist you on the installation on the certs, making things convenient on your part.