Sometimes it’s preferible to keep your local development environment as close to production as possible.
In this post I’ll cover how to configure self-signed SSL certificates using a project called
mkcert which makes
creating, installing and removing self-signed certificates easier than ever.
The instructions are slightly different depending on your local environment:
$ brew install mkcert
If you intend to use Firefox, you should also install
$ brew install nss
mkcert and pass in the the domain names and IPs you want the certificate to include:
$ mkcert mywebsite.test localhost 127.0.0.1 ::1 Created a new certificate valid for the following names 📜 - "mywebsite.test" - "localhost" - "127.0.0.1" - "::1" The certificate is at "./mywebsite.test+3.pem" and the key at "./mywebsite.test+3-key.pem" ✅ It will expire on 7 September 2023
mkcert also accepts wildcards but some browsers (Firefox) will not accept those certificates.
After the certificates are generated we can install the local CA by running
mkcert with the install flag. This only needs to be done once as this CA will be used to sign all future certificates generated with
$ mkcert -install
If this is you first time installing certificates using
mkcert you should see the following output:
The local CA is now installed in the system trust store! ⚡️ # or... The local CA is already installed in the system trust store! 👍
At this point your can use your generated certificates with your development server.
$ flask run --cert=mywebsite.test+3.pem --key=mywebsite.test+3-key.pem
$ rails s -b 'ssl://127.0.0.1:3000?key=mywebsite.test+3-key.pem&cert=mywebsite.test+3.pem'
If you’re running the WSL2 then there are few extra steps in order to get the Windows 10 host to accept the validity of the certificates.
First we want to install
mkcert on Windows which we can do using
Open a Powershell terminal using the administrator user and run:
$ choco install mkcert
mkcert with the install flag like we did before:
# first set the CAROOT path to point to the root CA we generated on WSL2 # you can get this directory by running mkcert -CAROOT from a WSL2 terminal # if we don't do this it will install a different root CA and we will get warnings $CAROOT="\\wsl$\Ubuntu\home\ashley\.local\share\mkcert\" $ mkcert -install The local CA is now installed in the system trust store! ⚡️ Note: Firefox support is not available on your platform. ℹ️
You should see a popup like the one below. Click “Yes” to install the CA on the Windows 10 host.
Firefox on Windows
After that’s installed let’s fix Firefox so it doesn’t complain that our certs are invalid.
To do that open the Firefox browser and navigate to the settings and search for certificates:
Click on “View Certificates”
Next click on “Import”. We want to locate the root CA from our Linux instance. Mine was located here but yours will be different depending on your WSL2 linux distro:
Once installed you will see your local CA in the list of Authorities:
Now if we visit our local development server in Firefox on our Windows host we should see the page load without any warnings.