How to use HTTPS on localhost (Linux)
Here are some tips for securing your localhost with HTTPS.
Note that I use a self-signed certificate for this example. If you want a more secure one, please contact a company approved to provide certificates.
First, you can see that I can access my local server with http (image 1) but not with https (image 2).
Now, we are going to establish a connection to the server at localhost via https.
1. First, we are going to generate our own self-signed certificate with openssl, starting with the private key:
openssl genrsa -out PrivateKeyForLocalhost.priv
2. We are going to create the certificate localhostCertificate.pem using the private key we have just created:
openssl req -x509 -new -nodes -key PrivateKeyForLocalhost.priv -sha256 -days 365 -out localhostCertificate.pem
Our certificate is valid for 365 days. You can choose any number of days you want. For the questions openssl asks, choose appropriate answers (I chose randomly for the example).
3. Now, we have to install the certificate so that our local development computer trusts it. Use these commands:
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp localhostCertificate.pem /usr/local/share/ca-certificates/extra/localhostCertificate.crt
sudo update-ca-certificates
4. Now we need to create our https configuration file (in my example, I use emacs, but you can choose any text editor you want; replace /home/ghostprotocol/ with your own /home/[username]). I will explain later why I commented out #Listen 443.
Here is the content of the https.conf file:
#Listen 443
<VirtualHost *:443>
    ServerName localhost
    DocumentRoot /var/www/html
    SSLEngine on
    # Certificate installed in step 3
    SSLCertificateFile "/usr/local/share/ca-certificates/extra/localhostCertificate.crt"
    # Private key from step 1; replace /home/ghostprotocol/ with your own home directory
    SSLCertificateKeyFile "/home/ghostprotocol/httpsLocalHost/PrivateKeyForLocalhost.priv"
    <Directory /var/www/html>
        AllowOverride all
    </Directory>
</VirtualHost>
5. Then, we have to enable the SSL module and restart the Apache server:
sudo a2enmod ssl
sudo systemctl restart apache2
6. Finally, we have to enable the new configuration in https.conf and restart the Apache server:
sudo a2ensite https.conf
sudo systemctl restart apache2
7. And that’s it! We can see the “warning” logo because Mozilla has detected my certificate as a “self-signed certificate”. You can get a good one from approved companies, as I said at the beginning.
8. When I connect to the server from another device, I can see the information I gave when I created the certificate :
9. Here are some issues I had to deal with when I did it the first time. I hope this helps you:
9.1. I got the “Invalid command SSLEngine” error because I had forgotten to enable the SSL module with “sudo a2enmod ssl”.
9.2. I got the error “multiple Listeners on the same IP:port” because “Listen 443” was not commented out. We had to comment it out because we probably already have a listener in our default machine configuration file (mine is “default-ssl.conf” on Kali Linux).
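An added example, not part of the original post: a small pre-flight script that checks the key and certificate from steps 1 and 2 before Apache is restarted (the key belongs to the certificate, the certificate is not about to expire, and the private key in the home directory is not readable by other users). The function names are hypothetical, and it assumes the openssl command line tool and GNU stat.

```shell
#!/bin/sh
# Added example: pre-flight checks for the key/certificate pair from steps 1-2,
# to run before "sudo systemctl restart apache2". Function names are hypothetical.

# 0 if the certificate was issued for this private key (same public key).
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# 0 if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# 0 if group and other have no permission bits on the key file (GNU stat).
key_is_private() {
    mode=$(stat -c %a "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Run all three checks and report; non-zero status if any check fails.
check_pair() {
    rc=0
    key_matches_cert "$1" "$2"  || { echo "FAIL: key and certificate do not match"; rc=1; }
    cert_valid_for_days "$2" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    key_is_private "$1"         || { echo "FAIL: key is accessible to group/other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 / $2"
    return "$rc"
}

# Usage: sh check_pair.sh PrivateKeyForLocalhost.priv localhostCertificate.pem
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

If the last check fails, "chmod 600 PrivateKeyForLocalhost.priv" restricts the key to its owner.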
Thank you for reading! I hope I helped you or taught you something. Feel free to comment if you have questions/issues.