chassis_openssl
openSSL module as extension for chassis.io. See https://github.com/Chassis/Chassis and http://docs.chassis.io/en/latest/ for a lot more info.
Usage
- Clone this into the
extensions folder of your Chassis installation. Use recursive: git clone --recursive https://github.com/Chassis/chassis_openssl.git to get the submodule pulled in as well.
- Run
vagrant reload --provision or just vagrant up
- Profit.
Optional Config
By default the certificate and key are regenerated on subsequent vagrant reload --provision & vagrant up. Which means you would need to re-trust the certificate each time, as the certificate serial number changes.
To configure to only create if missing, add the following to your config.yaml
# Configure ssl to keep the same cert/key
chassis_openssl:
cert:
replace: no
key:
replace: no
Notes:
- You also need to modify the
wp-config.php in the root directory and modify the WP_SITEURL and WP_HOME constants to use https instead of http.
- Both the certificate and key are exported to
chassis/ directory, so it can be used with local dev servers, like webpack dev server.
Trusting the certificate
In order to avoid security errors and get that nice green padlock in your location bar, you should add the site's SSL certificate to your trust store. The certificate can be found at chassis/{DOMAIN_HERE}.cert .
CLI methods
macOS
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain chassis/{DOMAIN_HERE}.cert
Windows ( running with admin privileges )
certutil -enterprise -f -v -AddStore "Root" "{DOMAIN_HERE}.cert"
GUI methods
Firefox on any operating system:
- Open Firefox's Preferences.
- Go to Advanced -> Certificates -> View certificates -> Authorities.
- Import the certificate.
- Click "Trust this CA to identify web sites".
Or alternatively:
- Open Firefox
- Browse to
about:config
- Set
security.enterprise_roots.enabled to true
Chrome or Safari on Mac:
- Open the "Keychain Access" app.
- Drag the certificate into the "System" keychain.
- Right-click it and click "Get Info".
- Expand the "Trust" section if it's not already.
- Under "Secure Sockets Layer (SSL)", select "Always Trust".
- Close the window. At this point you may have to enter your Mac account password.
- Restart your browser for this to take effect.
IE and Edge on Windows ( reference )
- Browse to your page (e.g. https://vagrant.local) in Internet Explorer which should use your self-signed SSL certificate. You should be greeted by an error message saying your certificate is not trustworthy.
- Click “Continue to this website”.
- Click on “Certificate error” in the address bar, and then click “View certificates”.
- Click “Install Certificate”.
- Click “Place all certificates in the following store”, and then click “Browse”. Do not rely on the preselected option to automatically select the certificate store as this will not work!
- Inside the dialog box, click “Trusted Root Certification Authorities”, and then click “OK”.
- Finish the dialog.
- When you get a security warning, click “Yes” to trust the certificate.
- Reload your page. The certificate should be working fine now.
Other browsers / platforms
Please submit pull-requests for instructions for browsers/platforms not listed above.
Contributors
Props to @javorszky for the initial versions of the extension, and our contributors.