Trusted SSL Certificates for Localhost

Creating valid SSL certificates for localhost web development, supporting one or many local domains.

The best way I’ve found to add SSL certificates to a localhost environment is mkcert, which technically does not produce self-signed certificates at all. Instead, it creates a local certificate authority (CA), adds it to your machine’s trust stores, and uses it to sign certificates. The end result is an SSL certificate that is not self-signed and that your machine treats as fully valid, so it works with modern browsers and passes security checks that block self-signed SSL certs.

What is mkcert?

mkcert makes an otherwise complex and difficult process very straightforward. As the author describes it on GitHub, mkcert is:

a simple tool for making locally-trusted development certificates that requires no configuration.

Installation

mkcert supports Mac, Windows and Linux machines, so it should work with your operating system.

Mac OS & Linux

brew install mkcert
brew install nss # only needed if you use Firefox

Windows

choco install mkcert

Adding Localhost SSL Certificates

Step 1: Create a Local Certificate Authority

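Once you’ve installed the tool, you’ll need to create a local certificate authority (CA). The command below generates the CA and adds it to your system trust store. The CA’s private key (rootCA-key.pem, in the directory printed by mkcert -CAROOT) can sign a certificate for any hostname that your machine will then trust, so keep it on your machine and never share or commit it.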

mkcert -install

Step 2: Add SSL Certificates for Local URLs

Once you’ve set up a local authority for signing certificates, you can add SSL certificates for your local hosts. These

mkcert example.test "*.example.test" localhost 127.0.0.1 ::1

This will create two *.pem files, the certificate ./example.test+4.pem and its private key ./example.test+4-key.pem, for the following hostnames:

  • example.test
  • *.example.test
  • localhost
  • 127.0.0.1
  • ::1

These SSL certificates effectively cover the following URLs, which are common local hosts:

  • https://example.test and any subdomain, like https://www.example.test
  • https://localhost
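As an added example (not from the original post or the mkcert project), this Python script checks which local hostnames the names passed to mkcert above actually cover, following the usual browser rule that a wildcard stands for exactly one label. The function names and the sample hostnames are assumptions made for illustration.

```python
import ipaddress

# Names passed to mkcert in the command on this page.
SAN_ENTRIES = ["example.test", "*.example.test", "localhost", "127.0.0.1", "::1"]


def _as_ip(value):
    """Return an ipaddress object for IP literals, or None for DNS names."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def san_matches(entry, host):
    """Return True if a single certificate name covers the requested host."""
    entry_ip, host_ip = _as_ip(entry), _as_ip(host)
    if entry_ip is not None or host_ip is not None:
        # IP entries match only the identical address, never a DNS name.
        return entry_ip is not None and entry_ip == host_ip
    entry_labels = entry.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(entry_labels) != len(host_labels):
        return False  # a wildcard stands for exactly one label
    if entry_labels[0] == "*":
        return len(entry_labels) > 1 and entry_labels[1:] == host_labels[1:]
    return entry_labels == host_labels


def covered(host, entries=SAN_ENTRIES):
    """True if any name in the certificate covers the host."""
    return any(san_matches(entry, host) for entry in entries)


def audit(hosts, entries=SAN_ENTRIES):
    """Map each host to whether the certificate would validate for it."""
    return {host: covered(host, entries) for host in hosts}


if __name__ == "__main__":
    # Constructed sample hostnames, not taken from the page.
    samples = ["example.test", "www.example.test", "api.dev.example.test",
               "localhost", "foo.localhost", "127.0.0.1", "127.0.0.2",
               "0:0:0:0:0:0:0:1", "www.example.com"]
    for host, ok in audit(samples).items():
        print(f"{host:24} {'covered' if ok else 'NOT covered (browser warning)'}")
```

A nested subdomain such as api.dev.example.test needs its own name (for example "*.dev.example.test") added to the mkcert command.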

Configuring the Local Web Server

You’ll need to configure a host pointing example.test and www.example.test to your local web server. Once that’s set up, and you have the certificates added to your system, you might be done. Many localhost servers automatically load certificates from your machine’s certificate store. If you restart your browser and the URL loads successfully with a secure, valid SSL certificate attached (green lock icon to the left of your URL) then you’re all set.

If you don’t see a secure connection yet, then you may need to specifically point your local web server to use the *.pem files generated by mkcert in the previous steps.

Apache

Open your httpd.conf file and add or update the following to it:

<VirtualHost *:443>
  # ServerName must be a hostname the certificate covers
  ServerName www.example.test
  SSLEngine on
  SSLCertificateFile "/path/to/example.test+4.pem"
  SSLCertificateKeyFile "/path/to/example.test+4-key.pem"
</VirtualHost>

Restart Apache to load the certificates, then re-check your browser to verify they’re working. You may need to restart your browser to get your site(s) working.

nginx

Open your nginx.conf file and add or update the following to the http block:

ssl_certificate "ssl/example.test+4.pem";
ssl_certificate_key "ssl/example.test+4-key.pem";

Restart nginx to load the certificates, then re-check your browser to verify they’re working. You may need to restart your browser to get your site(s) working.

Meet the Author

Kevin Leary, WordPress Consultant