Turn your red lock into a green lock!

What is it? is a means for developers to test against valid SSL certificates without the bother of purchasing them. Two components make this possible:

  1. a special DNS backend that maps crafted hostnames to IP addresses (e.g. resolves to (similar to
  2. a wildcard SSL certificate for * and the corresponding key, both downloadable from GitHub

Install the certificate and key on the server, modify the server's configuration to use the certificate and key, and restart the daemon. After that, browse the server using the hostname via HTTPS (e.g. and receive a valid SSL connection (green lock), all in a matter of seconds.

How do I use it?

First, find your server's IP address to determine its hostname

Your server's hostname is a mash-up of your server's IP address and the domain. Here are some examples:

Server's IP Address Hostname

Second, download's SSL certificate and key from GitHub

Download the SSL key ( and wildcard SSL certificate chain ( from GitHub. You may use curl if you prefer the command line:

curl -OL
curl -OL

Third, configure the webserver with the SSL certificate & key

Configure the server's configuration file's SSL portion to use the SSL certificate & key downloaded from GitHub. Here is a sample from's webserver's nginx.conf (modified for clarity):

server {
  listen              443 ssl;
  ssl_certificate     /etc/ssl/;
  ssl_certificate_key /etc/ssl/;

Here's a similar configuration for Apache 2.4's httpd-ssl.conf:

Listen 443
SSLCertificateFile "/etc/ssl/"
SLCertificateKeyFile "/etc/ssl/"

Finally, restart your webserver and browse to its address via HTTPS

Browse to your webserver's hostname, e.g. (assuming that is the IP address of your webserver, which it isn't because that's the IP address of our webserver). Admire the beautiful green lock in your browser's address bar.

© 2015 Brian Cunnie, Pivotal Software