FiloSottile / mkcert

A simple zero-config tool to make locally trusted development certificates with any names you'd like.
https://mkcert.dev
BSD 3-Clause "New" or "Revised" License
48.47k stars 2.51k forks

Change the location of the CA files #123

Closed electricarts closed 5 years ago

electricarts commented 5 years ago

Sorry for the perhaps stupid question, but how can I change the location for the generated certificates? How do I use the variable $CAROOT when generating? An example would be great. For example, what should I do if I want to store the certificates in a folder under ~/local_certificates?

adamdecaf commented 5 years ago

You can set CAROOT when calling mkcert:

$ CAROOT=~/local_certificates mkcert -install

You can also copy the existing CA and files: cp "$(mkcert -CAROOT)"/* ~/local_certificates/

electricarts commented 5 years ago

Thanks for the help!

But what about the generated page certificates? Is there a possibility that they will automatically end up in the local_certificates folder?

adamdecaf commented 5 years ago

You can have mkcert write those anywhere, but by default those files are written in the directory mkcert is executed from.

$ mkcert -cert-file ~/local_certificates/localhost.pem -key-file ~/local_certificates/localhost-key.pem localhost 
Using the local CA at "/Users/adam/local_certificates" ✨

Created a new certificate valid for the following names 📜
 - "localhost"

The certificate is at "/Users/adam/local_certificates/localhost.pem" and the key at "/Users/adam/local_certificates/localhost-key.pem" ✅

electricarts commented 5 years ago

I think I'm too stupid for the terminal. 😉

The local CA is now in ~/local_certificates. But when I now create new certificates for my local URLs, the CA under ~/Library/Application Support/mkcert is still used. Do I have to delete the local CA generated with the "normal" installation (in ~/Library/Application Support/mkcert) first?

adamdecaf commented 5 years ago

You can set CAROOT in your shell profile (~/.bashrc as an example) to always override the default.

export CAROOT="$HOME/local_certificates"

electricarts commented 5 years ago

Unfortunately this does not change anything. After the entry in the shell profile, a new CA certificate is created in ~/local_certificates after calling mkcert (as before with $ CAROOT=~/local_certificates mkcert -install). But the URL certificates are stored again in ~ and not in ~/local_certificates.

adamdecaf commented 5 years ago

Oh, by default mkcert writes those to the directory it's run from. You can set two flags to override that (or copy the files).

$ mkcert -cert-file ~/local_certificates/localhost.pem -key-file ~/local_certificates/localhost-key.pem localhost

electricarts commented 5 years ago

Ok. And I have to set this flag 4 times if the generated certificate should be valid for example.test, *.example.test, localhost and 127.0.0.1? This is too much stress for me. Then the certificates remain without a folder in ~. Not very organized but I have to live with that.

Nevertheless thanks a lot for your support! I am unfortunately only a pixel pusher.

adamdecaf commented 5 years ago

# Locally I don't have CAROOT set to ~/local_certificates
$ mkcert -cert-file ~/local_certificates/localhost.pem -key-file ~/local_certificates/localhost-key.pem example.test "*.example.test" localhost 127.0.0.1
Using the local CA at "/Users/adam/Library/Application Support/mkcert" ✨

Created a new certificate valid for the following names 📜
 - "example.test"
 - "*.example.test"
 - "localhost"
 - "127.0.0.1"

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.example.test ℹ️

The certificate is at "/Users/adam/local_certificates/localhost.pem" and the key at "/Users/adam/local_certificates/localhost-key.pem" ✅

--- 
# Verify certificate hostnames and IP
$ cert-manage list -file ~/local_certificates/localhost.pem 
Certificate
  ...
  DNSNames:
    example.test
    *.example.test
    localhost
  IPAddresses:
    127.0.0.1

That worked for me.

electricarts commented 5 years ago

Yesss! That worked! Many many thanks for your help!

I made a snippet in TextExpander with a placeholder for my local URLs. So I only have to type in the abbreviation in the terminal, enter the desired local URL in the placeholder and press Enter. And everything is in the desired place. 🙂

adamdecaf commented 5 years ago

Sweet! Feel free to close out this issue if we solved your problems. 😁
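
The layout this thread arrives at (the CA in CAROOT, leaf certificates written with -cert-file and -key-file) can be wrapped in a small shell helper. This is an added example, not part of the original thread or of mkcert; the function names and the CERT_DIR variable are assumptions. It also checks file permissions, because copying the CA into a shared folder copies its private key (rootCA-key.pem) too.

```shell
#!/bin/sh
# Added example: helper names and CERT_DIR are assumptions, not part of mkcert.
CERT_DIR="${CERT_DIR:-$HOME/local_certificates}"

# Map the first requested name to a file stem, refusing values that could
# escape CERT_DIR or be parsed as a flag.
# "*.example.test" becomes "_wildcard.example.test".
cert_stem() {
    case "$1" in
        ''|-*|*/*|*..*) return 1 ;;
    esac
    printf '%s\n' "$1" | sed -e 's/\*/_wildcard/g' -e 's/:/_/g'
}

# Exit status 0 if a CA private key under the given directory is readable by
# group or others. rootCA-key.pem is the key file mkcert keeps in CAROOT;
# anyone who can read it can issue certificates this machine trusts.
ca_key_exposed() {
    found=$(find "$1" -type f -name rootCA-key.pem \
        \( -perm -040 -o -perm -004 \) 2>/dev/null) || return 1
    [ -n "$found" ]
}

# Issue one certificate covering all names given and store it under CERT_DIR.
# The CA itself stays wherever CAROOT (or mkcert's default) points.
mkcert_into() {
    stem=$(cert_stem "$1") || { echo "refusing name: $1" >&2; return 1; }
    mkdir -p "$CERT_DIR" && chmod 700 "$CERT_DIR" || return 1
    if ca_key_exposed "$CERT_DIR"; then
        echo "warning: CA key in $CERT_DIR is readable by other users" >&2
    fi
    ( umask 077   # files created by this call are owner-only
      mkcert -cert-file "$CERT_DIR/$stem.pem" \
             -key-file  "$CERT_DIR/$stem-key.pem" "$@" )
}

# Usage: mkcert_into example.test "*.example.test" localhost 127.0.0.1
```

Sourced from a shell profile next to the `export CAROOT=...` line, one call replaces the long flag invocation; the wildcard name is quoted so the shell does not try to expand it.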