The current mechanism of having to use KeyChain Access to manually trust each Local certificate is a bit awkward. Here is a process we have successfully used for a long time with our internal webdev tools:
- When Local is installed, generate a Local CA (Certification Authority) certificate and prompt the user to set the Local CA as a trusted CA. The trust process is the same for CA certificates.
- When issuing new certificates for individual Local sites, sign the certificates using the Local CA certificate.
The end result is that you need to manually trust only the CA certificate, and all subsequent site certificates are implicitly trusted.