The best way I’ve found to add SSL certificates to a localhost environment is using mkcert
, which is technically not a self-signed certificate at all. Instead, it creates a local certificate signing authority, adds it to your machine, and uses that to sign certificates. The end result is a fully valid SSL certificate that is not self-signed, so it works with modern browsers and aligns with security protocols that block self-signed SSL certs.
What is mkcert?
mkcert
makes an otherwise complex and difficult process very straight forward. As described on GitHub by the author mkcert
is a:
a simple tool for making locally-trusted development certificates that requires no configuration.
Installation
mkcert
supports Mac, Windows and Linux machines, so it should work with your CPU setup.
Mac OS & Linux
brew install mkcert
brew install nss
Windows
choco install mkcert
Adding Localhost SSL Certificates
mkcert -install
Step 1: Create a Local Certificate Authority
Once you’ve installed the tool, you’ll need to create a local certificate authority (CA).
mkcert -install
Step 2: Add SSL Certificates for Local URL’s
Once you’ve set up a local authority for signing certificate, you can add SSL certificates for your localhost’s. These
mkcert example.test "*.example.test" localhost 127.0.0.1 ::1
This will create two *.pem certificate files, ./example.test+4.pem
and ./example.test+4-key.pem
, for the following hostnames:
- example.test
- *.example.test
- localhost
- 127.0.0.1
- ::1
These SSL certificates effectively cover the following URLs that are common localhost hosts:
https://example.test
and any subdomain, likehttps://www.example.test
https://localhost
Configuring the Local Web Server
You’ll need to configure a host pointing example.test
and www.example.test
to your local web server. Once that’s setup, and you have the certificates added to your system, you might be done. Many localhost servers automatically load certificates from your machine’s certificate store. If you restart your browser and the URL loads successfully with a secure, valid SSL certificate attached (green lock icon to the left of your URL) then you’re all set.
If you don’t see a secure connection, yet then you may need to specifically point your local web server to use the *.pem
files generated by mkcert
in the previous steps.
Apache
Open your httpd.conf
file and add or update the following to it:
<VirtualHost *:443>
ServerName www.example.com
SSLEngine on
SSLCertificateFile "/path/to/example.test+4.pem"
SSLCertificateKeyFile "/path/to/example.test+4-key.pem"
</VirtualHost>
Restart Apache to load the certificates, then re-check your browser to verify they’re working. You may need to restart your browser to get your site(s) working.
nginx
Open your nginx.conf
file and add or update the following to the http
block:
ssl_certificate "ssl/example.test+4.pem";
ssl_certificate_key "ssl/example.test+4-key.pem";
Restart nginx
to load the certificates, then re-check your browser to verify they’re working. You may need to restart your browser to get your site(s) working.