There are many different articles about how to get the green lock icon in our browser for the local development environment, but I haven’t got the expected result following those steps, finally, I’ve solved the issue following the step of several different articles so I’m trying to summarize what I’ve done:
If you’re using different OS than Windows, here’s a StackOverflow post, I think this is the best article that summarizes the different approaches:
The Domain
Unfortunately, you can’t use any TLD. If you use .dev or .app you have to change your testing domain name. The recommended, using .test.
https://github.com/laravel/homestead/issues/754
Homestead.yaml
The next step is enabling SSL for your Homestead setup
In the top section of theHomestead.yaml, make sure you have this line:
ssl: true
For example:
ip: "192.168.10.10"
memory: 2048
cpus: 2
provider: vmware_fusion
ssl: trueAdd your site, set the desired domain in the map section
sites:
- map: mytestdomain.test
to: /home/vagrant/test/public
php: "7.1"Getting Certifications
If you have ssl: true and the Vagrant machine is provisioned, Homestead is going to create your certificate files automatically. We need to get these files from the Homestead machine, Import them in your browser and make them trusted, to see the desired green lock. :)
1. SSH into your Vagrant machine by running the command below in the directory you’ve saved your copy of Homestead.
vagrant ssh2. Then navigate to /etc/nginx/ssl.
cd /etc/nginx/sslIn the directory find these files:
ca.homestead.homestead.crt
mytestdomain.test.crt3. Copy Homestead’s root CA certificate and the domain’s certificate from this directory to a directory shared between your virtual machine and the host machine (Windows).
cp ca.homestead.homestead.crt /home/vagrant/your-shared-directory
cp mytestdomain.test.crt /home/vagrant/your-shared-directoryThis way you’ll see these files on your Windows machine, so you can Import them in the next step.
For example, if in your Homestead configuration you have mapped C:/projects/myappto /home/vagrant/myapp, you would find the certificate copied into C:/projects/myapp.
Importing the Certifications
1. Open your web browser’s setting & select Advanced:
Google Chrome: chrome://settings/?search=Manage%20certificates
2. Find Manage / View Certificates.
3. Select Import and browse for the certificates you just copied from your virtual machine on to your local machine.
4. Under the section labeled Place all certificates in the following store, find and select Trusted Root Certification Authorities.
Source: https://medium.com/dinssa/ssl-certificates-laravel-homestead-windows-https-f83ec8b3198
Mozilla Firefox: about:preferences#privacy
Firefox has some internal importing tool, I had to import the ca.homestead.homestead.crt file on the Authorities Tab.
Just for fun, another approach of Importing:
https://superuser.com/questions/810428/why-is-the-local-certificate-store-missing-in-windows-8-1
Trust
In my case I had to make these steps to make it work:
To add certificates to the Trusted Root Certification Authorities store for a local computer, from the WinX Menu in Windows 10/8.1, open Run box, type mmc, and hit Enter to open the Microsoft Management Control.
Press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Certificates, and then click Add.
Click OK. In the next dialog box, select Computer account and then on Next.
Now select Local computer and click on Finish.
Now, back in MMC, in the console tree, double-click on Certificates and then right-click on Trusted Root Certification Authorities Store. Under All tasks, select Import.
The Certificate Import Wizard will open.
Follow the instructions in the wizard to complete the process.
Now let us see how to configure and manage trusted root certificates for a local computer. Open MMC and press the File menu link and select Add/Remove Snap-in. Now under Available snap-ins, click Group Policy Object Editor, and then click Add. Select the computer whose local GPO you want to edit, and click Finish / OK.
Now, back in the MMC console tree, navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings. Next Public Key Policies. Double-click Certificate Path Validation Settings, and then select the Stores tab.
Here, select the Define these policy settings, Allow user trusted root CAs to be used to validate certificates and Allow users to trust peer trust certificates checkboxes.
Finally, under Stores tab > Root certificate stores, select one option under Root CAs that the client computers can trust and click OK. If in doubt, go with the recommended option.
Source1: https://www.thewindowsclub.com/manage-trusted-root-certificates-windows
Source2: https://superuser.com/questions/145394/windows-7-will-not-install-a-root-certificate/145398#145398
Bonus: Android
- Upload certificate files to your phone
- Tap on them and install them for Apps
If you’re working on an Android App you need to enable the user certificates,
add the following lines to AndroidManifest.xml:
<application
android:name=...
android:debuggable="true"
android:networkSecurityConfig="@xml/network_security_config"
...
/application>Create a network_security_config.xml (for NativeScript this file should be created inside App_Resources/Android/xml/):
<?xml version=”1.0" encoding=”utf-8"?>
<network-security-config>
<debug-overrides>
<trust-anchors>
<certificates src=”user”/>
</trust-anchors>
</debug-overrides>
</network-security-config>Source: https://medium.com/@noumaan/ssl-app-dev-a2923d5113c6
