https://github.com/FiloSottile/mkcert
To create a usable self-signed SSL certificate using Windows, Nginx, and Laragon (a portable LAMP stack):
Download the latest mkcert for your OS (Windows in this case)
https://github.com/FiloSottile/mkcert/releases
mkcert-v1.4.1-windows-amd64.exe
Copy the file to a new dir
C:/laragon/bin/mkcert/
And rename to a generic mkcert.exe
Note, this assumes you installed/extracted Laragon to C:/laragon
In a command window with Administrator Privileges (Run as Admin)
> cd C:\laragon\etc\ssl
Specify the destination of the CA cert
> mkdir C:\laragon\etc\ssl\mkcert
Set a temporary environment variable for mkcert to read
> setx CAROOT "C:\laragon\etc\ssl\mkcert"
By default, it would have been in your user directory
> C:\Users\<user>\AppData\Local\mkcert
Close the command window and re-open it so the environment variable can be read
On Linux you might source ~/.bash_profile, but this is Windows
Test that the environment variable is indeed set
> cd C:\laragon\etc\ssl\
> echo %CAROOT%
C:\laragon\etc\ssl\mkcert
Create and install your local CA
> ..\..\bin\mkcert\mkcert -install
You will be shown a prompt warning you that you are doing what you want to do, add a local CA
After reading, click Yes
Note, by default the CA key will be named rootCA-key.pem and the CA cert will be named rootCA.pem. The names are hard coded in the project source main.go, if you want to compile the project.
Start Menu -> Run -> certmgr
Or
Laragon -> Menu -> Nginx -> Certificate Manager
Note, while Laragon does have its own CA which it can add, it does not seem to work with recent browser updates.
Scroll to find mkcert Computer\User@Computer
Note, you can delete it if you want by right-clicking on it and selecting Delete
Now generate the SSL certificate, which will be signed by the CA you just added
> cd C:\laragon\etc\ssl
> ..\..\bin\mkcert\mkcert site.local "*.site.local"
This creates the SSL key and cert in C:\laragon\etc\ssl as
site.local+1-key.pem and site.local+1.pem
Rename the files, or specify names when creating:
> ..\..\bin\mkcert\mkcert -key-file company.localhost.key -cert-file company.localhost.crt company.localhost *.company.localhost
company.localhost
site1.company.localhost
site2.company.localhost
> ..\..\bin\mkcert\mkcert -key-file dev.localhost.key -cert-file dev.localhost.crt dev.localhost *.dev.localhost
dev.localhost
site1.dev.localhost
site2.dev.localhost
Note, most browsers do not support wildcards 2 levels deep, i.e. don't use just localhost or test as the base name
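To make the wildcard note concrete, here is an added example (not part of the original write-up or of mkcert) that checks which hostnames a SAN list covers under the usual X.509 rule that `*` stands for exactly one left-most label. The SAN list is constructed from the dev.localhost command above, and the function names are hypothetical.

```python
# Added example: hostname coverage for a certificate's SAN list.
# DEV_SANS is constructed from the mkcert command on this page.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(host, san):
    """True if one SAN entry covers host. A '*' is honoured only as the
    whole left-most label and stands for exactly one label."""
    h, s = _labels(host), _labels(san)
    if len(h) != len(s):
        return False  # a wildcard never spans two levels, or zero levels
    if s[0] == "*" and len(s) > 1:
        return h[0] != "" and h[1:] == s[1:]
    return h == s

def covered(host, sans):
    return any(san_matches(host, san) for san in sans)

def is_second_level_wildcard(san):
    """'*.localhost' or '*.test': the wildcard sits directly under the
    top-level name, which is how this example reads the note above."""
    s = _labels(san)
    return len(s) == 2 and s[0] == "*"

DEV_SANS = ["dev.localhost", "*.dev.localhost"]

if __name__ == "__main__":
    for host in ["dev.localhost", "site1.dev.localhost",
                 "api.site1.dev.localhost", "site1.company.localhost"]:
        print(f"{host:28} covered={covered(host, DEV_SANS)}")
    for san in ["*.dev.localhost", "*.localhost", "*.test"]:
        print(f"{san:28} second-level wildcard={is_second_level_wildcard(san)}")
```

A name such as api.site1.dev.localhost needs its own entry (or a `*.site1.dev.localhost` entry) on the mkcert command line, because the existing wildcard stops one label down.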
Note, Chrome redirects use of the .dev tld to HTTPS, as Google now owns the official .dev tld. While using any domain name which you override in your /etc/hosts file should be ok, it is best to use a domain you actually own. But if that is not practical, .test, .local, .localhost are the often provided alternatives.
Using the default website in Laragon as a working example
C:\laragon\etc\nginx\sites-enabled\00-default.conf
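# The ssl flag on listen is what turns TLS on for this port
listen 8443 ssl;
server_name site1.dev.localhost;
# Enable SSL, using the cert and key generated by mkcert above
ssl_certificate "C:/laragon/etc/ssl/dev.localhost.crt";
ssl_certificate_key "C:/laragon/etc/ssl/dev.localhost.key";
ssl_session_timeout 5m;
# Current protocol versions only; TLSv1 and TLSv1.1 are deprecated
ssl_protocols TLSv1.2 TLSv1.3;
# Strong suites only, no anonymous or MD5-based ones
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;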
Note, if you are using Skype, you may not be able to run a webserver on port 443, so choose another port, such as 8443.
Assuming you have added your local host name to /etc/hosts or
C:\Windows\system32\drivers\etc\hosts
127.0.0.1 site1.dev.localhost
Viewing https://site1.dev.localhost
Should result in a valid SSL cert.
Enjoy your HTTPS, and develop away.
To install on a computer, or reinstall after deleting the mkcert CA
Copy the full Laragon dir, or the rootCA.pem at least
Set a temporary environment variable for mkcert to read
> setx CAROOT "C:\laragon\etc\ssl\mkcert"
Close the command window and re-open it
Create and install your local CA
> ..\..\bin\mkcert\mkcert -install
Re-enjoy your HTTPS, and develop away.
Thanks for reading