Trusted wildcard SSL certs for localhost on osx / mac

Screen Shot 2013-11-27 at 6.58.11 PM

Create cert

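# Create the private key inside a restrictive umask: the shell redirect would
# otherwise create host.key with the default umask, which usually leaves it
# readable by every local user.
( umask 077; openssl genrsa 2048 > host.key )
# Self-signed certificate, signed with SHA-256 instead of SHA-1. SHA-1
# signatures are deprecated and current TLS clients may refuse them.
openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert
#[enter *.localhost.dev for the Common Name]
# NOTE(review): current browsers match host names against subjectAltName, not
# the Common Name, and Apple platforms publish a maximum lifetime for TLS
# server certificates (825 days). Confirm against the target OS before relying
# on a CN-only certificate with -days 3650.
# Dump the fingerprint and the decoded certificate. Check host.info for the
# basicConstraints value before trusting the certificate system-wide.
openssl x509 -noout -fingerprint -text < host.cert > host.info
# host.pem bundles the certificate WITH the private key, so it needs the same
# owner-only permissions as host.key.
( umask 077; cat host.cert host.key > host.pem )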

Trust cert

# Mark host.cert as a trusted root in the system keychain.
#   -d            write to the admin (machine-wide) trust settings
#   -r trustRoot  trust the certificate as a root
#   -k            keychain that receives the certificate
# This affects every user and application on the machine, so whoever holds
# host.key can present a certificate this machine accepts. If host.info shows
# basicConstraints CA:TRUE, that key can also sign certificates for other
# names. Keep host.key private and per-machine.
cert=host.cert
keychain=/Library/Keychains/System.keychain
sudo security add-trusted-cert -d -r trustRoot -k "$keychain" "$cert"

boxen / puppet config

# nginx.conf
# ERB template for the development virtual host. The <%= ... %> tags are
# filled in from the Puppet variable nginx::config::configdir at render time.
# The closing brace of this server block is not part of the excerpt.
server {
  # Plain HTTP (80) and TLS (443) are answered by the same block, so nothing
  # here forces clients onto HTTPS. "default" is the legacy spelling of
  # default_server: this block also answers 443 requests for unmatched names.
  listen 80;
  listen 443 default ssl;

  # Certificate and private key installed under <configdir>/ssl.
  # NOTE(review): the key file must not be readable by other local users.
  ssl_certificate     <%= scope.lookupvar "nginx::config::configdir" %>/ssl/localhost.crt;
  ssl_certificate_key <%= scope.lookupvar "nginx::config::configdir" %>/ssl/localhost.key;

  # Wildcard names served by this host; the certificate must cover the same names.
  # NOTE(review): .dev is now a delegated public TLD on the HSTS preload list;
  # a reserved name such as .test or .localhost avoids colliding with real
  # hosts. Confirm before reusing *.localhost.dev.
  server_name *.localhost *.localhost.dev;



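# nginx.pp
  # Directory that holds the development certificate and its private key.
  file { "${nginx::config::configdir}/ssl":
    ensure => 'directory'
  }

  $cert = "${nginx::config::configdir}/ssl/localhost.crt"

  # Add the certificate to the system keychain as a trusted root.
  # - refreshonly + subscribe: the trust command runs only when the certificate
  #   file is created or changed, instead of on every Puppet run.
  # - The binary is fully qualified so the exec does not depend on a default
  #   Exec path. sudo is dropped because the exec already runs as root.
  # NOTE(review): -d writes machine-wide trust settings. Every machine that
  # applies this manifest trusts the same certificate as a root.
  exec {"trust-nginx-cert":
    command     => "/usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${cert}",
    refreshonly => true,
    subscribe   => File[$cert],
    user        => root,
  }

  # Public certificate; nginx is notified so a replaced file is picked up.
  file { $cert:
    ensure => present,
    source => 'puppet:///modules/company-name/ssl/localhost.crt',
    notify => Service['dev.nginx']
  }

  # Private key for the certificate above, restricted to its owner.
  # NOTE(review): assumes nginx reads the key as the file owner - confirm.
  # NOTE(review): the key is served from the Puppet module, so everyone with
  # access to the module holds the private key of a certificate that every
  # managed machine trusts as a root. Generating the key and certificate on
  # each machine keeps a leaked copy from affecting other hosts.
  file { "${nginx::config::configdir}/ssl/localhost.key":
    ensure => present,
    mode   => '0600',
    source => 'puppet:///modules/company-name/ssl/localhost.key',
    notify => Service['dev.nginx']
  }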
