Local domain configuration
Local domain configuration allows a developer to map a custom domain name, such as *.yudady.tk, to the local machine (typically 127.0.0.1). This process is essential when testing secure connections (HTTPS) using a self-signed Certificate Authority (CA) and locally generated certificates, ensuring the browser recognizes the URL as valid.^[600-developer-tools-security-ca.md]
Domain Mapping
The primary method for routing a custom domain to the local environment is editing the system's hosts file.^[600-developer-tools-security-ca.md] By adding specific entries, local traffic directed at the custom domain is redirected to localhost.
Hosts File Syntax
To configure the mapping, add the custom domain to the /etc/hosts file (or the equivalent on Windows) using the following format:^[600-developer-tools-security-ca.md]
127.0.0.1 <your-domain>
For example, a typical configuration might look like this:^[600-developer-tools-security-ca.md]
127.0.0.1 localhost
127.0.0.1 <your-domain>
127.0.1.1 ubuntu
Configuration for OpenSSL
When generating certificates using OpenSSL for these local domains, specific configuration files (.cnf) must be updated to reflect the chosen domain name.^[600-developer-tools-security-ca.md]
Modifying Configuration Files
To ensure the certificate matches the local domain, the following parameters must be set in their respective configuration files (e.g., caconfig.cnf and exampleserver.cnf):^[600-developer-tools-security-ca.md]
- Subject Alternative Name (SAN): In caconfig.cnf, modify the subjectAltName field to include your domain:
  subjectAltName = DNS:<your-domain>
- Common Name (CN): In exampleserver.cnf, set the commonName to your domain:
  commonName = <your-domain>
Generating the Root Certificate
When creating the CA certificate that validates this local domain, OpenSSL prompts for specific details.^[600-developer-tools-security-ca.md] It is critical to enter the domain name accurately when prompted for the "Common Name" (e.g., *.yudady.tk for wildcard subdomains).^[600-developer-tools-security-ca.md]
The generated certificate can be inspected using openssl x509 to verify that the Issuer and Subject fields match the intended configuration.^[600-developer-tools-security-ca.md]
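The steps above, carried through as an added example that is not from the original page: it builds a throwaway CA and a server certificate whose CN and SAN carry a wildcard domain, verifies the chain, and checks which hostnames the certificate actually covers. The domain `*.dev.example.test`, the file names and both .cnf bodies are constructed stand-ins for the page's caconfig.cnf and exampleserver.cnf.

```shell
# Added example: throwaway CA + server certificate for a local domain.
# DOMAIN, file names and both .cnf bodies are constructed stand-ins.
DOMAIN='*.dev.example.test'   # placeholder wildcard domain (reserved .test TLD)

make_local_cert() {   # usage: make_local_cert <domain> <dir>
    domain=$1; dir=$2
    cat > "$dir/ca.cnf" <<EOF   # stand-in for caconfig.cnf
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
commonName = Local Dev Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    cat > "$dir/server.cnf" <<EOF   # stand-in for exampleserver.cnf
[req]
distinguished_name = dn
prompt = no
[dn]
commonName = $domain
[v3_server]
basicConstraints = CA:FALSE
subjectAltName = DNS:$domain
EOF
    # Self-signed root, then server key + CSR, then the CA signs the CSR with the SAN.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -config "$dir/server.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/server.cnf" -extensions v3_server \
        -out "$dir/server.crt" 2>/dev/null
}

chain_ok() {          # server.crt must chain to the local CA
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

cert_matches_host() { # does the certificate cover this exact hostname?
    openssl x509 -in "$1/server.crt" -noout -checkhost "$2" | grep -q 'does match'
}

work=$(mktemp -d) && make_local_cert "$DOMAIN" "$work" && chain_ok "$work" || exit 1
openssl x509 -in "$work/server.crt" -noout -issuer -subject
for h in app.dev.example.test dev.example.test a.b.dev.example.test; do
    cert_matches_host "$work" "$h" && echo "$h: covered" || echo "$h: NOT covered"
done
rm -rf "$work"
```

A wildcard SAN covers exactly one label, so the apex and nested subdomains are reported as not covered. The hosts file has no wildcard syntax, so each hostname you test still needs its own 127.0.0.1 line.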
Related Concepts
- [[HTTPS]]
- OpenSSL
- [[Certificate Authority]]
- Self-signed certificate
Sources
^[600-developer-tools-security-ca.md]