Set up a self-signed SSL certificate

Last updated:
Edit on GitHub

A self-signed SSL certificate is an identity certificate that is signed by the same entity whose identity it certificates. Such a certificate is used only for local development. For production, we recommend generating a valid SSL certificate signed by an official certification center like Let’s Encrypt.

There is a self-signed SSL certificate shipped with Spryker. It is located in docker/deployment/default/spryker_ca.crt. To access your instance via a secure connection, add the certificate to trusted authorities in the host system.

Set up a custom SSL certificate

  1. To use your own custom SSL certificate with Spryker, add the following files to $HOME/.spryker/certs/:
  • default.crt – your public X.509 certificate
  • default.key – the matching private key
  1. Secure your private key so only you can read it:
chmod 600 "$HOME/.spryker/certs/default.key"
  1. If you have an intermediate CA chain, concatenate them (leaf first, then intermediates) into default.crt:
cat leaf.crt intermediate.crt >> "$HOME/.spryker/certs/default.crt"

Now the local docker SDK loads your custom certificate and key.

Set up a self-signed SSL certificate on MacOS

To add spryker_ca.crt to trusted authorities on MacOS, follow the steps:

  1. Open Keychain Access.

  2. Select File > Import Items.

  3. Select spryker_ca.crt and click Open.

  4. Go to the Certificates category.

  5. Right-click the Spryker certificate and select Get Info. Get info in Safari and Chrome

  6. Open the Trust drop-down menu.

  7. In the When using this certificate drop-down menu, select Always Trust. Make the certificate trusted

Verification

Ensure that you can open Yves, Zed, and Glue without warnings via HTTPS. HTTPS verification

Set up a self-signed SSL certificate on Linux

On Linux, you can add the certificate to trusted authorities only in a browser. Below, you can find instructions for importing the certificate in Google Chrome and Firefox.

Set up a self-signed SSL certificate in Google Chrome on Linux

To add spryker_ca.crt to trusted authorities in Google Chrome on Linux, follow the steps:

  1. Click Moregoogle-chrome-more-button.
  2. Select Settings.
  3. On the Settings page, go to Advanced > Manage certificates.
  4. Go to the Authorities tab.
  5. Select Import.
  6. Select spryker_ca.crt and click Open.
  7. Select Trust this certificate for identifying websites.
  8. Click OK to save the changes.
  9. Restart the browser.
Verification

Ensure that you can open Yves, Zed, and Glue without warnings via HTTPS. HTTPS verification

Set up a self-signed SSL certificate in Firefox on Linux

To add spryker_ca.crt to trusted authorities in Firefox on Linux, follow the steps:

  1. Click Open menu firefox-menu-button.
  2. Select Options.
  3. On the Options page, select Privacy & Security.
  4. Scroll down to the Certificates section.
  5. Click View Certificates.
  6. In the Authorities tab, click Import.
  7. Select spryker_ca.crt.
  8. Select Trust this CA to identify websites. Select file in Firefox
  9. Click OK to save the changes.
Verification

Ensure that you can open Yves, Zed, and Glue without warnings via HTTPS. HTTPS verification

Set up a self-signed SSL certificate on Windows

To add spryker_ca.crt to trusted authorities on Windows, follow the steps:

  1. To open the Run window, press Win+R.
  2. In the Open field, enter mmc and press Enter.
  3. To confirm the action, click Yes.
  4. From the File menu, select Add/Remove Snap-in….

Alternatively, to open the Add or Remove Snap-ins window, press Ctrl+M.

  1. In the Available snap-ins list, select Certificates.

  2. Select Add >. Add certs

  3. Click Certificates (local computer) > Trusted Root Authorities.

  4. Right-click the Certificates folder and select All Tasks > Import.

  5. Select the spryker_ca.crt file and click OK.

Verification

Ensure that you can open Yves, Zed, and Glue without warnings via HTTPS.

HTTPS verification