Fully Trusted Self-Signed SSL Certificates for Local Development

UPDATE: It looks like mkcert is even better than this manual process.

There are a lot of tutorials around about how to create self-signed certificates, but most of them won’t result in having certs that are fully trusted in all major browsers (i.e., the green bar).

In order to do that, especially with Firefox, it’s necessary to create a self-signed CA certificate, and then sign your certificates for each site using that. The instructions in that article will show you how to get the certs trusted by Chrome (by importing it into OS X’s keychain).

For Firefox, you’ll need to import the CA’s pem into the Preferences > Certificates > Advanced > Authorities screen.

Once the CA cert is imported into OS X and Firefox, you’ll won’t need to import your individual certificates; they’ll be fully trusted as long as they’re signed by the CA cert.

Leave a Reply

Your email address will not be published. Required fields are marked *