HTTPS on local domains
This tutorial shows how to configure the local machine to serve HTTPS/TLS applications on a local domain (example.com).
I am running this on macOS Sonoma.
Generating certificates with mkcert
Install mkcert
$ brew install mkcert
# To install certificates in Firefox you will need nss
$ brew install nss
Generate certificates
$ mkcert -key-file key.pem -cert-file cert.pem example "*.example.com"
Created a new certificate valid for the following names 📜
- "example"
- "*.example.com"
Reminder: X.509 wildcards only go one level deep, so this won't match a.b.example.com ℹ️
The certificate is at "cert.pem" and the key at "key.pem" ✅
It will expire on 14 June 2026 🗓
Install certificates
$ mkcert -install
The local CA is already installed in the system trust store! 👍
The local CA is already installed in the Firefox trust store! 👍
Configure local DNS
Install dnsmasq
$ brew install dnsmasq
Configure
$ vim $(brew --prefix)/etc/dnsmasq.conf
Add this to the end of file
address=/example.com/127.0.0.1
domain-needed
bogus-priv
Start dnsmasq service
$ sudo brew services start dnsmasq
Configure macOS resolver
$ sudo mkdir -p /etc/resolver
# create a resolver for domain example.com (/etc/resolver is owned by root, hence sudo)
$ sudo vim /etc/resolver/example.com
Add this to file /etc/resolver/example.com
nameserver 127.0.0.1
Check macOS DNS resolver
$ scutil --dns
...
resolver #8
domain : example.com
nameserver[0] : 127.0.0.1
flags : Request A records, Request AAAA records
...
Check domain resolution
$ dig @127.0.0.1 example.com
Check macOS domain resolution
$ dns-sd -q example.com
DATE: ---Thu 14 Mar 2024---
15:58:11.509 ...STARTING...
Timestamp A/R Flags IF Name Type Class Rdata
15:58:11.511 Add 2 0 example.com. Addr IN 127.0.0.1
Configure HTTPS on applications
Just use the same key.pem and cert.pem generated before.
For instance:
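const fs = require("fs");
const https = require("https");
...
// app is the request handler defined elsewhere in the application (for example, an Express app).
let privateKey = fs.readFileSync("key.pem");
let certificate = fs.readFileSync("cert.pem");
let config = {
  key: privateKey,   // private key generated by mkcert
  cert: certificate, // certificate signed by the local mkcert CA
};
https.createServer(config, app).listen(443);
...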
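The dnsmasq rule above resolves example.com and every name under it to 127.0.0.1, while the certificate only covers the names mkcert printed, so it is worth checking coverage before serving a hostname. The following is an added example, not part of the original tutorial: it takes the string Node returns from new crypto.X509Certificate(pem).subjectAltName and reports which hostnames the DNS SANs cover. The sample SAN string is constructed from the mkcert output above and the hostnames are hypothetical.

```javascript
// Added example: SAN coverage check for locally served hostnames.
// Input is the string Node returns from
// new crypto.X509Certificate(pem).subjectAltName, e.g. "DNS:a, DNS:*.b".
function parseDnsSans(subjectAltName) {
  return subjectAltName
    .split(",")
    .map((entry) => entry.trim())
    .filter((entry) => entry.startsWith("DNS:")) // skip IP and other SAN types
    .map((entry) => entry.slice(4).toLowerCase());
}

// A wildcard is honoured only as the whole left-most label and matches
// exactly one label: "*.example.com" covers "a.example.com" but not
// "example.com" or "a.b.example.com".
function sanMatches(pattern, hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  if (!pattern.startsWith("*.")) return pattern === host;
  const suffix = pattern.slice(1); // ".example.com"
  if (!host.endsWith(suffix)) return false;
  const firstLabel = host.slice(0, host.length - suffix.length);
  return firstLabel.length > 0 && !firstLabel.includes(".");
}

// Returns { hostname: matchingPattern | null } for every hostname.
function coverage(subjectAltName, hostnames) {
  const sans = parseDnsSans(subjectAltName);
  const report = {};
  for (const name of hostnames) {
    report[name] = sans.find((p) => sanMatches(p, name)) || null;
  }
  return report;
}

// Hostnames that no SAN covers; browsers will reject these.
function uncovered(subjectAltName, hostnames) {
  const report = coverage(subjectAltName, hostnames);
  return hostnames.filter((name) => report[name] === null);
}

// Constructed input: the two names mkcert printed above, and
// hypothetical hostnames the dnsmasq rule resolves to 127.0.0.1.
const SAMPLE_SAN = "DNS:example, DNS:*.example.com";
const SAMPLE_HOSTS = ["example", "example.com", "api.example.com", "a.b.example.com"];

console.log(coverage(SAMPLE_SAN, SAMPLE_HOSTS));
console.log("not covered:", uncovered(SAMPLE_SAN, SAMPLE_HOSTS));
```

Any hostname reported as not covered needs to be added as an extra name on the mkcert command line before the certificate is reissued.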