Create cert
openssl genrsa 2048 > host.key openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key > host.cert #[enter *.localhost.dev for the Common Name] openssl x509 -noout -fingerprint -text < host.cert > host.info cat host.cert host.key > host.pem
Trust cert
sudo security add-trusted-cert -d -r trustRoot \ -k /Library/Keychains/System.keychain host.cert
boxen / puppet config
# nginx.conf
server {
listen 80;
listen 443 default ssl;
ssl_certificate <%= scope.lookupvar "nginx::config::configdir" %>/ssl/localhost.crt;
ssl_certificate_key <%= scope.lookupvar "nginx::config::configdir" %>/ssl/localhost.key;
server_name *.localhost *.localhost.dev;
# nginx.pp
file { "${nginx::config::configdir}/ssl":
ensure => 'directory'
}
$cert = "${nginx::config::configdir}/ssl/localhost.crt"
exec {"trust-nginx-cert":
command => "sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${cert}",
require => File[$cert],
user => root,
}
file { $cert:
ensure => present,
source => 'puppet:///modules/company-name/ssl/localhost.crt',
notify => Service['dev.nginx']
}
file { "${nginx::config::configdir}/ssl/localhost.key":
ensure => present,
source => 'puppet:///modules/company-name/ssl/localhost.key',
notify => Service['dev.nginx']
}
Michael Grosser, the Blog 