Install my own SSL certificates

Hello,

I am issuing my own self-signed certificates with my own CA. This allows me to import only one CA certificate in the cert store (Windows) instead of multiple certificates for every local site (as is currently with Local).

How can I instruct Apache to use my own certificate and key? It seems that SSLCertificateFile and SSLCertificateKeyFile in “conf\apache\sites-enabled\default-ssl.conf” both point to non-existing files (checked via SSH):

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

There are no such files in /etc/ssl/certs and /etc/ssl/private.

But when I access my site via HTTPS I get a certificate for the domain. Where is this certificate stored and how can I replace it with my own?

Thank you in advance!

Best regards,
Drago

1 Like

Hi Drago,

You can swap out the certificates in %AppData%\Local by Flywheel\routes\certs

1 Like

Hi, has the location of the certs changed on Windows? I don’t have the directory %AppData%\Local By Flywheel\ (on version 5).

As in your video, there should be a “Trust button”. Which isn’t there.

Where are these certificates located for Linux (Ubuntu/Debian) users?

I used the command locate Local and found that it was located in /opt/Local/.

However, there is no *.crt files in it, nor in any of the /Local-sites/<sitenames> either.

@JackB,

The Trust button isn’t available on Linux prior to Local 5.1 (currently in beta) due to the trust process being quite a bit more complicated.

Local >5.0 certificates can be found here on Linux: ~/.config/Local/run/router/nginx/certs

@clay Awesome! :grinning: Thank you for the information & the quick response!

Edit: It says certificate empty while importing?

Can you screenshot or copy and paste what you’re seeing?

Error while importing certificate
This client certificate’s private key is missing or empty

However when i echo it in my terminal it’s indeed a key there, hmmm. Might be a 3rd party problem (Chrome)?

The key doesn’t look corrupt

Interesting! I haven’t tried importing a key in Chrome like that before. If the key and cert aren’t corrupted I’m not sure what would be causing that.

If you figure it out, please share! You have me curious now :slight_smile:

Oopsie, yeah apparently in the Chrome Settings Page for certificates there is a tab for Authorities, I just tried on the tab I landed on. :roll_eyes:

1 Like