mkcert is a simple tool for making locally-trusted development certificates. It is available for a number of platforms. Youu can find additional install instructions and project details at https://github.com/FiloSottile/mkcert
I'm currently working from my Mac, so homebrew it is:
brew install mkcert
The first step is to generate your local (faux?) Certificate Authority.
mkcert -install
Running mkcert -CAROOT will show you where the root certificates ate located. On MacOS this is /Users/stephenfeather/Library/Application Support/mkcert
Inside you should find two files:
drwxr-xr-x@ 4 daUser staff 128 Feb 19 13:11 .
drwx------+ 175 daUser staff 5600 Feb 19 13:11 ..
-r--------@ 1 daUser staff 2484 Feb 19 13:11 rootCA-key.pem
-rw-r--r--@ 1 daUser staff 1842 Feb 19 13:11 rootCA.pem
The rootCA.pem is used by our clients to validate the certificate we create in the next step.
iOS is fairly easy. The OS will prompt if you try to open the file. You can email it, AirDrop it, or download it. Open Settings > VPN & Device Management. You can grant full rights since it's your certificate.
We can now create the certificate we will have our servers use when sending content. In this example, we have localhost by name and by ip. For advanced operating systems, we include ::1 which is the IPv6 equivalent of 127.0.0.1.
mkcert -cert-file local-cert.pem -key-file local-key.pem \
"localhost" \
"127.0.0.1" \
"192.168.1.2" \
"d8cd:54a9:37b5:97bb:4252:d4b0:9d98:231c" \
"::1"
When we run the following against our certificate file, we should see our ips and names.
openssl x509 -in local-cert.pem -text -noout | grep -A 2 "Subject Alternative Name"