下载
https://github.com/FiloSottile/mkcert/releases
操作
mkcert -install # 安装 CA
mkcert -CAROOT # 查看 CA 文件位置
# 拷贝公钥 rootCA.pem 到每个客户端导入
mkcert example.com # 单域名证书
mkcert local.host localhost 127.0.0.1 114.taobao.com safe.taobao.com wifi.aliyun.com devd.io # 多域名和 IP
mkcert "*.example.com" # 泛域名
mkcert -uninstall # 卸载 CA
服务端部署
webpack
devServer: {
port: 443,
https: {
key: 'D:/tmp/res/local-key.pem',
cert: 'D:/tmp/res/local.pem',
}
}
配置 webpack.config.js
ASP.NET
"Kestrel": {
"Certificates": {
"Default": {
"Path": "D:/tmp/res/local.pem",
"KeyPath": "D:/tmp/res/local-key.pem"
}
}
}
配置 appsettings.json
参考 https://learn.microsoft.com/en-us/aspnet/core/fundamentals/minimal-apis
Nginx
server {
ssl_certificate /res/local.pem;
ssl_certificate_key /res/local-key.pem;
}
参考 https://ssl-config.mozilla.org/
每个客户端导入根证书
Windows
方式一:重命名 rootCA.pem
为 rootCA.crt
然后双击安装,浏览选择 受信任的证书颁发机构
方式二:运行 certmgr.msc
打开证书图形化工具,选择左侧 受信任的证书颁发机构
导入文件
Firefox
设置》隐私与安全》查看证书》证书颁发机构》导入》编辑信任设置》勾选此证书可以标识网站
CentOS
yum install -y ca-certificates
cp rootCA.pem /etc/pki/ca-trust/source/anchors/ # 拷贝证书
update-ca-trust
Debian
apt-get install ca-certificates
mkdir /usr/share/ca-certificates/selfCA
cp rootCA.pem /usr/share/ca-certificates/selfCA/ # 拷贝证书
echo "selfCA/rootCA.pem" >> /etc/ca-certificates.conf
update-ca-certificates