# Mise an place du certificat autosigné

# Mise en place d’un certificat autosigné `*.megaproduction.local`

Certificat : `megaproduction.local.crt`  
Clé : `megaproduction.local.key`  
Fichier de configuration : `megaproduction.local.ext`

---

## Apache

1. Copier les fichiers dans `/etc/ssl/megaproduction.local/` :
    ```bash
    sudo mkdir -p /etc/ssl/megaproduction.local
    sudo cp megaproduction.local.crt megaproduction.local.key /etc/ssl/megaproduction.local/
    ```

2. Modifier le virtualhost :
    ```apache
    <VirtualHost *:443>
        ServerName megaproduction.local
        ServerAlias *.megaproduction.local

        SSLEngine on
        SSLCertificateFile /etc/ssl/megaproduction.local/megaproduction.local.crt
        SSLCertificateKeyFile /etc/ssl/megaproduction.local/megaproduction.local.key

        DocumentRoot /var/www/megaproduction.local
    </VirtualHost>
    ```

3. Activer SSL :
    ```bash
    sudo a2enmod ssl
    sudo systemctl reload apache2
    ```

---

## Nginx

1. Copier les fichiers dans `/etc/ssl/megaproduction.local/` :
    ```bash
    sudo mkdir -p /etc/ssl/megaproduction.local
    sudo cp megaproduction.local.crt megaproduction.local.key /etc/ssl/megaproduction.local/
    ```

2. Modifier la configuration :
    ```nginx
    server {
        listen 443 ssl;
        server_name *.megaproduction.local;

        ssl_certificate /etc/ssl/megaproduction.local/megaproduction.local.crt;
        ssl_certificate_key /etc/ssl/megaproduction.local/megaproduction.local.key;

        root /var/www/megaproduction.local;
    }
    ```

3. Redémarrer Nginx :
    ```bash
    sudo systemctl reload nginx
    ```

---

## HAProxy

1. Fusionner les certificats :
    ```bash
    cat megaproduction.local.crt megaproduction.local.key > /etc/ssl/megaproduction.local.pem
    ```

2. Modifier `/etc/haproxy/haproxy.cfg` :
    ```haproxy
    frontend https-in
        bind *:443 ssl crt /etc/ssl/megaproduction.local.pem
        mode http
        default_backend servers

    backend servers
        server web1 127.0.0.1:8080
    ```

3. Redémarrer HAProxy :
    ```bash
    sudo systemctl reload haproxy
    ```

---

## Astuce Firefox

Pour éviter l’avertissement de certificat autosigné, importe le certificat racine dans Firefox via :
`Paramètres > Confidentialité et sécurité > Certificats > Afficher les certificats > Importer`