In an earlier post we talked about adding a self-signed SSL certificate to Google Chrome so that you can use SSL certificates on your local development machine. This solves the problem of browsing around on your local site, but it doesn’t solve the issue of making cURL calls. For example, if your site is running BackyBuddy or anything else that involves making backend calls over SSL, you will need to add / trust your self-signed certificate for cURL. So, here’s how you do it.
On Ubuntu, all the SSL certificates are hanging out together in /usr/share/ca-certificates
If you followed my other article about adding a self-signed certificate to nginx, then your self-signed certificate is in /etc/ssl/your-certificate.crt
So symlink your self-signed certificate into /usr/share/ca-certificates
like this:
sudo ln -s /etc/ssl/your-cert.crt /usr/share/ca-certificates/your-cert.crt
Next, edit the file /etc/ca-certificates.conf
by adding the name of your self-signed certificate to the list. Your file will end up looking something like this:
your-cert.crt mozilla/ACCVRAIZ1.crt mozilla/ACEDICOM_Root.crt mozilla/AC_Raíz_Certicámara_S.A..crt ...
Now you just need to update your certificates with this command:
$ sudo update-ca-certificates --fresh Clearing symlinks in /etc/ssl/certs...done. Updating certificates in /etc/ssl/certs....done. Running hooks in /etc/ca-certificates/update.d....done.
Now you should be able to successful use cURL on your local site over SSL. You can test it out like this:
curl https://your-local-domain.dev
Thank you, that worked great for me.
/etc/ca-certificates.conf is auto-generated by dpkg-reconfigure ca-certificates and modifications would be overwritten.
The correct method is to copy (or link) cert to /usr/local/share/ca-certificates. Then update-ca-certificates will pick it up without any additional file modifications.