Homestead SSL & Chrome – Why can’t we just be friends

Homestead SSL & Chrome can be a real pain to get working together. To have Homestead SSL work in Chrome there are a few tweaks you have to make. You first need to set up SSL in your Vagrant Box. Then you need to generate the certificates for the site in question, and finally you need to change the Nginx configuration. What if we could just automate this?

After SSH

Well, we are in luck. Cluppi made an after.ssh that does all this. First you need to add this great script in resources/after.ssh:

#!/bin/sh

# Config for SSL.
echo "--- Making SSL Directory ---"
# -p keeps re-provisioning from failing when the directory already exists.
mkdir -p /etc/nginx/ssl

echo "--- Generating SSL crt and key ---"
openssl req -nodes -new -x509 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt -subj "/C=US/ST=NY/L=NYC/O=Dis/CN=www.example.com"

echo "--- Turning SSL on in nginx.conf. ---"
# Comment out this line if you prefer ssl on a per
# server basis, rather than for all sites on the vm.
# If commented out you can access hosts on http
# port 8000, and https port 44300. If uncommented,
# you can ONLY access hosts via https on port 44300.
sed -i "/sendfile on;/a \\        ssl on;" /etc/nginx/nginx.conf

conf_files="/etc/nginx/sites-available/*"
for file in $conf_files
do
  echo "--- Inserting SSL directives into site's server file. ---"
  sed -i "/listen 80;/a \\\n    listen 443 ssl;\n    ssl_certificate /etc/nginx/ssl/server.crt;\n    ssl_certificate_key /etc/nginx/ssl/server.key;\n\n" "$file"

done

echo "--- Restarting Services ---"
service nginx restart
service php5-fpm restart

After you have added it, you just need to provision or restart your Vagrant Box and all the needed certificates will be generated. You can check for them under /etc/nginx/ssl and for the Nginx changes under /etc/nginx/sites-available. All was taken care of.

Chrome Subject Alternative Name fix for OSX

Still, Chrome refused to accept the certificate and kept indicating it was not valid due to Subject Alternative Name issues. I did need to run:

defaults write com.google.Chrome EnableCommonNameFallbackForLocalAnchors -bool true

from the terminal to make the Subject Alternative Name Missing error go away on my macOS High Sierra. See this SO thread on this. This fix will not work in Chrome forever. Starting with Chrome 65 it won’t work anymore. So we will then need to adjust the way the certificates are generated. But for now, yay!
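One way to adjust certificate generation so the certificate carries a Subject Alternative Name and no longer relies on the Common Name fallback. This is an added example, not part of the original post or of Cluppi's script; the hostname homestead.test and the function names are assumptions, while the server.key and server.crt file names match the script above.

```shell
#!/bin/sh
# Added example: self-signed dev certificate carrying subjectAltName entries.
# homestead.test is a constructed placeholder hostname, not from the post.

# Print an OpenSSL req config: CN is the first name, and every name
# (including the first) is listed as a DNS subjectAltName.
san_config() {
  printf '[req]\ndistinguished_name = dn\nx509_extensions = v3\nprompt = no\n'
  printf '[dn]\nCN = %s\n' "$1"
  printf '[v3]\nextendedKeyUsage = serverAuth\nsubjectAltName = @alt\n[alt]\n'
  n=1
  for name in "$@"; do
    printf 'DNS.%d = %s\n' "$n" "$name"
    n=$((n + 1))
  done
}

# make_dev_cert OUT_DIR NAME [NAME...]: write server.key and server.crt.
make_dev_cert() {
  out_dir=$1
  shift
  mkdir -p "$out_dir" || return 1
  cfg=$(mktemp) || return 1
  san_config "$@" > "$cfg"
  status=0
  openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
    -config "$cfg" \
    -keyout "$out_dir/server.key" -out "$out_dir/server.crt" || status=$?
  rm -f "$cfg"
  # Keep the private key readable by its owner only.
  if [ "$status" -eq 0 ]; then chmod 600 "$out_dir/server.key"; fi
  return "$status"
}

# Print the SAN line of a certificate so the result can be checked.
cert_sans() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Stand-alone use: sh make-cert.sh /etc/nginx/ssl homestead.test
if [ "$#" -ge 2 ]; then
  make_dev_cert "$@" && cert_sans "$1/server.crt"
fi
```

Calling make_dev_cert with /etc/nginx/ssl and the site's hostnames would take the place of the single openssl req line in the provisioning script.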

Chrome Security Overview

Jasper Frumau
