网站制作学习网→经验与学习→正文：localhost设置https ssl证书

字体：大中小

localhost设置https ssl证书

经验与学习　2024/12/22 0:03:11　　点击：不统计

在做本地测试时，有时需要本地https 证书，这里提供了免费的https localhost证书。

一开源软件安装

https://github.com/FiloSottile/mkcert

# 支持linux macOs windows，我这里使用windows ，直接使用Chocolatey 安装，命令入下：

注意，需要管理员权限安装

choco install mkcert

安装结果如下：

~ choco install mkcert

Chocolatey v1.1.0

Installing the following packages:

mkcert

By installing, you accept licenses for the packages.

mkcert v1.4.4 [Approved]

mkcert package files install completed. Performing other installation steps.

ShimGen has successfully created a shim for mkcert.exe

The install of mkcert was successful.

Software installed to 'C:\ProgramData\chocolatey\lib\mkcert'

Chocolatey installed 1/1 packages.

See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

通过运行

mkcert --version

显示版本，说明安装成功。

第二下面是生成证书相关参数，参数必须放到域名前

-cert-file FILE, -key-file FILE, -p12-file FILE

Customize the output paths. 自定义文件名称路径

-client

Generate a certificate for client authentication.

-ecdsa

Generate a certificate with an ECDSA key.

-pkcs12

Generate a ".p12" PKCS #12 file, also know as a ".pfx" file,

containing certificate and key for legacy applications.

-csr CSR

Generate a certificate based on the supplied CSR. Conflicts with

all other flags and arguments except -install and -cert-file.

(1)生成localhost，或者自定义本地信任的域名证书,比如我本地测试使用 forasp_cn.com域名

# 安装根证书信任

mkcert -install

The local CA is now installed in the system trust store!

The local CA is now installed in Java's trust store!

# 查看根证书位置

~ mkcert -CAROOT 23:30:59

C:\Users\username\AppData\Local\mkcert

# 找到 rootCA.pem可以把他改成rootCA.crt

双击安装到本机

# 然后再更改回来原来的pem后缀

(2)# 查看一下当前目录,一般生成到当前用户的目录下：

~ pwd

C:\Users\username

# 生成证书,在当前用户目录下

~ mkcert forasp_cn.com

Created a new local CA 💥

Note: the local CA is not installed in the system trust store.

Note: the local CA is not installed in the Java trust store.

Run "mkcert -install" for certificates to be trusted automatically ⚠️

Created a new certificate valid for the following names 📜

- "forasp_cn.com"

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.forasp_cn.com ℹ️

The certificate is at "./forasp_cn.com.pem" and the key at "./forasp_cn.com-key.pem" ✅

It will expire on 21 March 2027 🗓

（3）# 找到 forasp_cn.com.pem可以把他改成 forasp_cn.com.crt

双击安装到本机

再更改回来 forasp_cn.com.pem

第三在nginx 中配置

server {

listen 443 ssl;

server_name forasp_cn.com; # 用你的域名替换

ssl_certificate /path/to/forasp_cn.com.pem; # mkcert 生成的证书路径

ssl_certificate_key /path/to/forasp_cn.com.pem; # mkcert 生成的密钥路径

# 其他 Nginx 配置

}

本地host 修改

127.0.0.1 forasp_cn.com

再访问https://forasp_cn.com 即可

·上一篇：git clone HTTP/2 stream 1 was not closed cleanly before end of the underlying stream >> 　　　·下一篇：zabbix图形显示方块字 >>