SSL Certificate for Localhost: A Quick Guide to Generate And Install
How to Get an SSL Certificate for Localhost?
Though it is a wise decision to get an SSL certificate for localhost, before we get started, you will need to understand that certificate authorities do not issue SSL certificates for localhosts. This does not mean they never issued SSL certificates for localhosts, but it is that they stopped issuing SSL certificates for localhost in 2015. CAs did not want to issue SSL certificates for localhost as local hosts do not have their roots in top-level domains like .org or .com and local hosts are not owned by anyone uniquely.
However, SSL certificates still work for localhosts. But the process of getting an SSL certificate for your localhost is not going to be the same as getting an SSL certificate for your website.
You will just generate an SSL certificate yourself for your localhost.
Generate an SSL Certificate for Localhost
To secure your localhost with an SSL certificate, you need to go for a “self-signed SSL certificate.” A self-signed SSL certificate is nothing but an SSL certificate that you will generate for yourself without purchasing it from a certificate authority. This SSL certificate will encrypt your data. But this does not mean you will not see the “Not Secure” warning and despite having an SSL for your localhost, you will still see the warning in the browser. But the good news is that you need not worry about it, as this SSL certificate you generate for your local host will encrypt your data.
Remember, it is possible to secure your local host with an SSL certificate you generate without the help of a CA. However, though you can generate an SSL certificate for local development, this certificate will not be trusted by anyone else.
The best and quickest way to generate a self-signed certificate is by using the openssl command. Using the openssl command, this is how you can generate a self-signed SSL certificate for your localhost, along with a private key.
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")