▶ Video: How to enable SSL / TLS / HTTPS on Laravel Homestead

It’s a really good idea that the tech stack of your production & development environments are as similar as possible.1 While most developers make sure that PHP, database & web server somewhat match across environments. One item that tends to get overlooked on the local environment is SSL/TLS — aka https://.

Laravel Homestead generates self-signed certificates for your sites. But you’ll need to get your browser to trust them. And depending on the browser, it’s not very clear what you need to do (🤜 Chrome).

I’m going to secure our website locally with Homestead running on macOS Mojave. I’ll step through each of the major browsers: Chrome, Safari and Firefox.

Prerequisites #

  1. I assume you already have your site running locally on Homestead.

  2. You’ve checked that your Homestead.yaml is correctly configured for SSL.

In the top section of your Homestead.yaml, make sure you have ssl: true.

ip: "192.168.10.10"
memory: 2048
cpus: 2
provider: vmware_fusion 
mariadb: true
ssl: true

Also, your local domain should be explicitly defined in the sites section.

sites:
    - map: eaglepeakweb.test
      to: /home/vagrant/Code/ep-craft/web     
      php: "7.1"

Trusting self-signed certificates on Chrome #

  1. Start Homestead & visit your local site. ex: https://eaglepeakweb.test/
    You’ll see a warning that Your connection is not private.

  2. Up in the address bar, click Not Secure. And then click Certificate.

  3. Create a folder on your computer where you’ll store the Homestead self-signed certificates. ex: ~/Code/laravel/homestead-certs/
    Drag the certificate from your browser to that folder.

  4. Launch the Keychain Access macOS utility. Click on Certificates in the left side Category pane. Now drag the certificate from your computer to Keychain Access.

  5. Double-click on the certificate.
    Open the Trust section. And change the first option to Always Trust.
    When you close the window you’ll be prompted for administrator password to authorize this trusted certificate.

  6. Important Quit Chrome.
    Yes. Shut it down completely to save yourself some grief.

  7. Relaunch Chrome & visit your local site. It should now load securely using https://

Trusting self-signed certificates on Safari #

  1. Start Homestead & visit your local site. ex: https://eaglepeakweb.test/
    You’ll see a warning that This Connection is Not Private.
  2. Click the Show Details button. And then click the view the certificate link.
  3. Create a folder on your computer where you’ll store the Homestead self-signed certificates. ex: ~/Code/laravel/homestead-certs/
    Drag the certificate from your browser to that folder.
  4. Launch the Keychain Access macOS utility. Click on Certificates in the left side Category pane. Now drag the certificate from your computer to Keychain Access.
  5. Double-click on the certificate.
    Open the Trust section. And change the first option to Always Trust.
    When you close the window you’ll be prompted for administrator password to authorize this trusted certificate.
  6. Visit your local site. It should now load securely using https://

Trusting self-signed certificates on Firefox #

  1. Start Homestead & visit your local site. ex: https://eaglepeakweb.test/
    You’ll see a warning that Your connection is not secure.
  2. Click the Advanced button.
  3. Click the Add Exception… button.
  4. Click the Get Certificate button.
  5. Click the Confirm Security Exception button.
  6. Firefox will automatically reload your local URL but now using https://
    NOTE Firefox will still display a ⚠️ icon in the address bar but it’s to denote that you added a Security Exception for the self-signed certificate.

1 https://12factor.net/dev-prod-parity


Alex Aguilar, Partner, Software Engineer

Alex Aguilar

Partner, Software Engineer