Enable HTTPS for a VIP Local Development Environment
By default, VIP Local Development Environment URLs resolve with HTTP
rather than HTTPS
, the secure browsing protocol. When developing locally, some users may have a need for URLs to resolve at HTTPS
(e.g. applications with payment integrations). For HTTPS
to work as expected, a trusted digital certificate issued by a certificate authority (CA certificate) for the local environment must be added to the user’s machine.
Warning
Even after correctly completing the steps to configure a CA certificate on the local machine, some browsers—including Chrome and Safari—might not trust the certificate.
Identify the absolute local path of the CA certificate
Once a VIP Local Development Environment has been created, a CA certificate will be located on the user’s local machine.
The exact local path for the CA certificate will vary depending on the operating system of the user’s local machine. Listed below are example paths for the CA certificate vipdev.lndo.site.pem
on various operating systems if the current user is named “example-user”.
- macOS:
/Users/example-user/.local/share/vip/lando/certs/vipdev.lndo.site.pem
- Windows (WSL):
\\wsl.localhost\<EXAMPLE-DISTRO>\home\example-user\.local\share\vip\lando\certs\vipdev.lndo.site.crt
- Windows (native):
C:\Users\example-user\.local\share\vip\lando\certs\vipdev.lndo.site.pem
- Ubuntu:
/home/example-user/.local/share/vip/lando/certs/vipdev.lndo.site.pem
Configure the local machine to trust the CA certificate
The exact commands needed to trust the CA certificate will differ depending on the local machine’s operating system. Refer to Lando’s documentation for trusting the CA certificate for macOS, Windows, and Debian command examples. When using the command examples in Lando’s documentation, substitute the path of the Lando certificate with the absolute local path of the CA certificate.
Mac OS and Linux
Replace the value <EXAMPLE-USER>
with the name of the user on the local machine and run the following command to trust the CA certificate:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Users/<EXAMPLE-USER>/.local/share/vip/lando/certs/
vipdev.lndo.site.pem
Windows (WSL) or Windows (Native)
For local machines running Windows (WSL) or Windows (Native), add the CA certificate with certutil
.
For WSL, the path pointing to the machine’s distribution must be identified. The structure of the path will look similar to: \\wsl.localhost\<DISTRO>
. For example, if the machine’s distribution is called Ubuntu
, then the files will be accessible at \\wsl.localhost\Ubuntu
.
In the instructions below, replace the value <EXAMPLE-USER>
with the name of the Linux user on the local machine, and <DISTRO>
with the name of the machine’s distribution.
- Start a command terminal as an administrator.
- Run the following command in the terminal with updated values for
<EXAMPLE-USER>
and<DISTRO>
:
certutil -addstore -f "ROOT" \\wsl.localhost\<DISTRO>\home\<EXAMPLE-USER>\.local\share\vip\lando\certs\vipdev.lndo.site.crt
For example, if the distribution is Ubuntu
and the Linux user is example-user
, the command would be:
certutil -addstore -f "ROOT" \\wsl.localhost\Ubuntu\home\example-user\.local\share\vip\lando\certs\vipdev.lndo.site.crt
certutil -addstore -f "ROOT" \\wsl.localhost\Ubuntu\home\example-user\.local\share\vip\lando\certs\vipdev.lndo.site.crt
- A successfully completed command output the following message in the terminal:
Signature matches Public Key
Certificate "Lando Local CA" added to store.
CertUtil: -addstore command completed successfully.
Verify that the CA certificate is working as expected
If the terminal commands to trust the local CA certificate completed successfully, warnings that the CA certificate is not trusted should no longer occur. In a browser, visit a site on a running VIP Local Development Environment to verify that it loads without the certificate warnings.
The local environment does not need to be restarted in order for the CA certificate to be applied.
The trusted CA certificate will persist and can be used by all other VIP Local Development Environments that are created on that machine.
Last updated: October 17, 2024