The best way I’ve found to add SSL certificates to a localhost environment is using
mkcert, which is technically not a self-signed certificate at all. Instead, it creates a local certificate signing authority, adds it to your machine, and uses that to sign certificates. The end result is a fully valid SSL certificate that is not self-signed, so it works with modern browsers and aligns with security protocols that block self-signed SSL certs.
What is mkcert?
mkcert makes an otherwise complex and difficult process very straight forward. As described on GitHub by the author
mkcert is a:
a simple tool for making locally-trusted development certificates that requires no configuration.
mkcert supports Mac, Windows and Linux machines, so it should work with your CPU setup.
Mac OS & Linux
brew install mkcert brew install nss
choco install mkcert
Adding Localhost SSL Certificates
Step 1: Create a Local Certificate Authority
Once you’ve installed the tool, you’ll need to create a local certificate authority (CA).
Step 2: Add SSL Certificates for Local URL’s
Once you’ve set up a local authority for signing certificate, you can add SSL certificates for your localhost’s. These
mkcert example.test "*.example.test" localhost 127.0.0.1 ::1
This will create two *.pem certificate files,
./example.test+4-key.pem, for the following hostnames:
These SSL certificates effectively cover the following URLs that are common localhost hosts:
https://example.testand any subdomain, like
Configuring the Local Web Server
You’ll need to configure a host pointing
www.example.test to your local web server. Once that’s setup, and you have the certificates added to your system, you might be done. Many localhost servers automatically load certificates from your machine’s certificate store. If you restart your browser and the URL loads successfully with a secure, valid SSL certificate attached (green lock icon to the left of your URL) then you’re all set.
If you don’t see a secure connection, yet then you may need to specifically point your local web server to use the
*.pem files generated by
mkcert in the previous steps.
httpd.conf file and add or update the following to it:
<VirtualHost *:443> ServerName www.example.com SSLEngine on SSLCertificateFile "/path/to/example.test+4.pem" SSLCertificateKeyFile "/path/to/example.test+4-key.pem" </VirtualHost>
Restart Apache to load the certificates, then re-check your browser to verify they’re working. You may need to restart your browser to get your site(s) working.
nginx.conf file and add or update the following to the
ssl_certificate "ssl/example.test+4.pem"; ssl_certificate_key "ssl/example.test+4-key.pem";
nginx to load the certificates, then re-check your browser to verify they’re working. You may need to restart your browser to get your site(s) working.