下载

https://github.com/FiloSottile/mkcert/releases

操作

mkcert -install # 安装 CA

mkcert -CAROOT # 查看 CA 文件位置
# 拷贝公钥 rootCA.pem 到每个客户端导入

mkcert example.com # 单域名证书
mkcert local.host localhost 127.0.0.1 114.taobao.com safe.taobao.com wifi.aliyun.com devd.io # 多域名和 IP
mkcert "*.example.com" # 泛域名

mkcert -uninstall # 卸载 CA

服务端部署

webpack

devServer: {
    port: 443,
    https: {
        key: 'D:/tmp/res/local-key.pem',
        cert: 'D:/tmp/res/local.pem',
    }
}

配置 webpack.config.js

ASP.NET

"Kestrel": {
    "Certificates": {
        "Default": {
            "Path": "D:/tmp/res/local.pem",
            "KeyPath": "D:/tmp/res/local-key.pem"
        }
    }
}

配置 appsettings.json
参考 https://learn.microsoft.com/en-us/aspnet/core/fundamentals/minimal-apis

Nginx

server {
    ssl_certificate /res/local.pem;
    ssl_certificate_key /res/local-key.pem;
}

参考 https://ssl-config.mozilla.org/

每个客户端导入根证书

Windows

方式一：重命名 rootCA.pem 为 rootCA.crt 然后双击安装，浏览选择 受信任的证书颁发机构
方式二：运行 certmgr.msc 打开证书图形化工具，选择左侧 受信任的证书颁发机构 导入文件

Firefox

设置》隐私与安全》查看证书》证书颁发机构》导入》编辑信任设置》勾选此证书可以标识网站

CentOS

yum install -y ca-certificates

cp rootCA.pem /etc/pki/ca-trust/source/anchors/ # 拷贝证书
update-ca-trust

Debian

apt-get install ca-certificates

mkdir /usr/share/ca-certificates/selfCA
cp rootCA.pem /usr/share/ca-certificates/selfCA/ # 拷贝证书
echo "selfCA/rootCA.pem" >> /etc/ca-certificates.conf
update-ca-certificates