Is there anywhere that I can get a valid, signed, SSL cert to the "localhost" domain for testing? Does anyone anywhere offer a download of something like this that I can use in testing? I know how to use openssl to sign a key with a CA, but there are a lot of steps involved and I am hoping there is something quick and easy.
What I want is a canned test CA that I can import into my trusted CA stores and then an accompanying jks keystore that has the cert chain in it for that CA.
So, it would be a 3 step process, within a protected sandbox:
1. Get a new distro of Jetty, enable the SSL connector, point it to the localhost.jks keystore
2. Import the CA that signed the localhost cert in the localhost.jks into my web browser
3. Browse to Tomcat on the SSL port, look at the cert and see the cert chain.
I have a really hard time believing that exists, since it's against the nature of SSL.
The CAs that are in your root-certificate list are companies who we've given our trust to. Their job is to verify that the ones who own the certificate are the ones they claim to be. Giving a localhost-certificate to anyone like this would break this concept. Even for testing.

The localtest.me cert seems to be no longer available, but see https://github.com/Daplie/localhost.daplie.com-certificates. It's not a wildcard cert though.
Free SSL certs via Greenlock / Let's Encrypt
If you set the A record for localhost.YOURSITE.com to 127.0.0.1 (or just edit your hosts file) you can go to https://greenlock.domains and get a free 90-day HTTPS certificate that's issued via Let's Encrypt. You'll need to choose DNS verification instead of the default HTTP file upload and you'll need to set a TXT record to prove domain ownership.
Programmatic Renewal via node.js
If you're familiar with node.js you can use Greenlock.js to create an automated solution that works with your keystores.
Other solutions
There's also stuff like certbot, caddy, ZeroSSL, and a number of other solutions that integrate with Let's Encrypt as well.
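
The test CA and localhost.jks keystore that the question describes can also be generated locally in one pass with openssl and keytool. The script below is an added example, not part of the original posts; the file names, the "Local Test CA" subject and the "changeit" password are constructed for illustration.

```shell
#!/bin/sh
# Throwaway test CA plus a localhost server certificate for a sandbox.
# File names, subject names and the "changeit" password are constructed.
make_localhost_chain() (
  set -e
  umask 077                     # private keys stay unreadable to other users
  dir=$1; pass=${2:-changeit}
  mkdir -p "$dir"; cd "$dir"
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Local Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. Self-signed test CA: ca.crt is the only file imported into the browser.
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 30 \
    -config ca.cnf -keyout ca.key -out ca.crt
  # 2. Server key and CSR, then a leaf cert carrying the SANs browsers match on.
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
    -subj "/CN=localhost" -keyout localhost.key -out localhost.csr
  printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
    'subjectAltName=DNS:localhost,IP:127.0.0.1' > leaf.ext
  openssl x509 -req -in localhost.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -sha256 -days 30 -extfile leaf.ext -out localhost.crt
  # 3. Check chain and hostname before handing the files to the server.
  openssl verify -CAfile ca.crt -verify_hostname localhost localhost.crt
  # 4. Bundle key + leaf + CA as PKCS#12, then convert to JKS if keytool exists.
  openssl pkcs12 -export -name localhost -inkey localhost.key -in localhost.crt \
    -certfile ca.crt -out localhost.p12 -passout "pass:$pass"
  if command -v keytool >/dev/null 2>&1; then
    keytool -importkeystore -noprompt -srckeystore localhost.p12 \
      -srcstoretype PKCS12 -srcstorepass "$pass" -destkeystore localhost.jks \
      -deststoretype JKS -deststorepass "$pass" \
      || echo "keytool could not convert localhost.p12" >&2
  fi
)

# Runs only when a target directory is given, e.g.: sh make-chain.sh ./test-pki
if [ "$#" -gt 0 ]; then make_localhost_chain "$@"; fi
```

Keep ca.key inside the sandbox and remove ca.crt from the trust store when testing ends, since anyone holding that key can issue certificates the browser will accept.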