install & generate root CA with mkcert
You can install
mkcert by download binaray from
https://github.com/FiloSottile/mkcert/releases/download/ , then move it to your custom path.
generate Root CA like that:
i➜ /tmp ᐅ mkcert -install
(picture was take from it installed, that would be different from first time to install it)
Also, you can find it in your local directory.
i➜ /tmp ᐅ ls -R ~/.local/share/mkcert
generate cert with openssl & signed by your Root CA
i➜ /tmp ᐅ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout 91sec.club.key -out 91sec.club.crt
Now, upload your cert to remote server, and configure it by your cert.
nginx -s reload
open your browser & test and verify
chrome browser, and access your website（In my scenario, i change my host point to my website)
Attention please, it’s only worked for those computer which was installed by your root CA. and not
If you want find where it is, please open your
chrome and input
chrome://settings/certificates?search=cert and click
authorities tab. (that would be different in another platform. for example, cert management in MacOS was manager by
So, this is a demo for you to learn CA part. if you want deep into it, you should know more about NSS, PKI, And so on.