Local dev cert

Testing Web services in a development environment over SSL/TLS (HTTPS) can be a problem if your development environment doesn’t have a suitable SSL Cert. In such cases, creating a self-signed cert is usually sufficient, but you have to ensure that your client applications (including browsers) trust the cert you created yourself.

Here’s a recipe for creating a self-signed certificate and installing it into Firefox so that the Developer window doesn’t fill up with warnings (such as about Strict-Transport-Security headers being ignored). The recipe assumes you have keytool (usually in the “bin” of your JDK). This is for Windows, but similar steps apply to other OSs.

keytool.exe -genkey -alias selfsigned -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 3650 -keypass password -keystore selfsigned.jks -storepass password

keytool.exe -importkeystore -srckeystore selfsigned.jks -destkeystore selfsigned.p12 -srcalias selfsigned -srcstoretype jks -deststoretype pkcs12

Obviously choose a better password. At the end of these two steps you should have a selfsigned.p12 file. If you want a .pem file you can obtain one as follows using openssl:

openssl pkcs12 -in selfsigned.p12 -out selfsigned.pem

Now run Firefox, select “Options” from the menu, then the Security section and find the bit where you can View Certificates. In there, import the .p12 file into “Your Certificates” (and you’ll be asked for the password). When you visit a server using your cert for SSL, such as one installed on localhost, Firefox will issue a warning, but you can tell it to make an exception by following the instructions that appear. From here on you will be able to visit your local dev server and not see too many security errors in the DevTools console, which allows you to concentrate on other important things.
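A check on the .pem file produced above, as an added example that is not part of the original post: run without -nokeys or -nocerts, openssl pkcs12 writes the private key and the certificate into the same file, so this Python sketch lists the private-key blocks the file holds and computes the certificate's SHA-256 fingerprint for comparison with the one Firefox shows in its certificate viewer. The sample input is constructed placeholder data, and the names inspect_pem and pem_block are hypothetical.

```python
import base64
import hashlib
import re

# Matches one PEM block and captures its label and body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def pem_block(label, raw):
    """Wrap raw bytes in PEM armour (used here only to build the sample)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def inspect_pem(text):
    """Summarise a PEM bundle: certificate fingerprints and private-key blocks."""
    report = {"cert_sha256": [], "private_keys": [], "unencrypted_key": False}
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))
            digest = hashlib.sha256(der).hexdigest().upper()
            # Colon-separated byte pairs, the form certificate viewers display.
            report["cert_sha256"].append(
                ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
            )
        elif label.endswith("PRIVATE KEY"):
            report["private_keys"].append(label)
            # "ENCRYPTED PRIVATE KEY" is passphrase-protected PKCS#8; a
            # traditional key is protected only if it has a Proc-Type header.
            if not (label.startswith("ENCRYPTED")
                    or "Proc-Type: 4,ENCRYPTED" in body):
                report["unencrypted_key"] = True
    return report

# Constructed sample shaped like the output of the openssl command above.
# The bodies are placeholder bytes, not a real key or certificate.
SAMPLE_CERT_BYTES = b"constructed placeholder, not a real DER certificate"
SAMPLE = (
    "Bag Attributes\n    friendlyName: selfsigned\n"
    + pem_block("ENCRYPTED PRIVATE KEY", b"constructed placeholder key bytes")
    + "Bag Attributes\n    friendlyName: selfsigned\n"
    + pem_block("CERTIFICATE", SAMPLE_CERT_BYTES)
)

if __name__ == "__main__":
    print(inspect_pem(SAMPLE))
```

To check a real file, pass its contents to inspect_pem; a result with unencrypted_key set to True means the key in that file has no passphrase protection.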

Before you deploy to production, it makes sense to test using real SSL certs, and for this you could pay a visit to Let’s Encrypt and get a genuine cert completely free. You’ll need a genuine domain to use LE.
