
What is the best practice for allowing local development https?

  • 5 replies
  • 1 has this problem
  • 7 views
  • Last reply by davekaplan


I have a local development environment for websites using Vagrant and VMWare Fusion. Online I use Let's Encrypt, locally I create a root certificate, then I create my development site's certificate to point at the root cert. If I have this right. I followed a guide at https://deliciousbrains.com/https-locally-without-browser-privacy-errors/

I'm on a Mac, the approach works great with Safari and Chrome. It used to work with Firefox, I would IMPORT the .pem file and then the site loaded up using https://mylocaldomain.dvlp but this no longer works. I managed to make a .p12 file and add that, but I'm getting the SEC_ERROR_UNKNOWN_ISSUER error.

I guess at that point I can add an exception, that's ok, just look for best practices (even though that little "i" on the lock is going to bug me).

Or from this thread: https://support.mozilla.org/en-US/questions/1232718 I could change the `security.enterprise_roots.enabled` setting.

Any recommendations for how to allow a local development domain to use a certificate? I like that when I hit true on for _roots.enabled the site finds the certificate.

What are your thoughts on this?

Thanks, Dave


All Replies (5)


With SEC_ERROR_UNKNOWN_ISSUER there is usually a certificate chain shown if you click this blue error text. That should allow you to check what goes wrong.

You do see the root certificate in the Certificate Manager under the Authorities tab and this certificate does have the appropriate trust bit(s) set?


Thanks for the reply. I see the root certificate in Your Certificates.

I see the following when I open the error.

https://wp-range.workalicious.dvlp/

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE----- ... long string -----END CERTIFICATE-----

You can use an online decoder to examine the listed certificate(s).


cor-el said

You can use an online decoder to examine the listed certificate(s).

Thanks, that's a nice tool. I did it and see the root certificate. Any suggestions for clearing the error?


Does the `Common Name (CN)` need to match the domain in the `SANs`? That seems like a different error.
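
The checks raised in the replies (is the root a CA certificate, does the site certificate chain to it, does the hostname match the SAN), run with the `openssl` CLI as an added example that is not part of the thread. The keys, the `Dev Root` names and the file layout are constructed for the example; `mylocaldomain.dvlp` is the hostname from the question, and `chains_to other` shows the OpenSSL-side equivalent of an unknown issuer.

```shell
#!/bin/sh
# Added example: throwaway keys and certificates, constructed for illustration.
HOST="mylocaldomain.dvlp"      # hostname mentioned in the question
WORK=$(mktemp -d)

cat > "$WORK/dev.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:$HOST
EOF

# new_root NAME: self-signed root CA written to $WORK/NAME.pem
new_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/dev.cnf" \
    -extensions v3_ca -subj "/CN=Dev Root $1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# new_leaf ROOT: leaf for $HOST signed by ROOT; the CN deliberately differs from the SAN
new_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/dev.cnf" \
    -subj "/CN=dev site" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -extfile "$WORK/dev.cnf" -extensions v3_leaf \
    -out "$WORK/leaf.pem" 2>/dev/null
}

# chains_to ROOT: does the leaf verify with ROOT as the only trust anchor?
chains_to() { openssl verify -CAfile "$WORK/$1.pem" "$WORK/leaf.pem" >/dev/null 2>&1; }

# is_ca ROOT: is the certificate marked as a CA (basicConstraints CA:TRUE)?
is_ca() { openssl x509 -in "$WORK/$1.pem" -noout -text | grep -q 'CA:TRUE'; }

# host_matches NAME: does the leaf cover NAME? With a SAN present, the CN is not consulted.
host_matches() {
  openssl x509 -in "$WORK/leaf.pem" -noout -checkhost "$1" | grep -q 'does match'
}

new_root mine && new_root other && new_leaf mine
for check in "is_ca mine" "chains_to mine" "chains_to other" "host_matches $HOST"; do
  if $check; then echo "PASS  $check"; else echo "FAIL  $check"; fi
done
```

A leaf that passes these checks but still fails in Firefox points at the browser side: whether the root appears under Authorities with the website trust bit set, as the first reply asks.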