Use a local Local (pun intended) CA to avoid the trust problem on macOS

The current mechanism of having to use Keychain Access to manually trust each Local certificate is a bit awkward. Here is a process we have successfully used for a long time with our internal webdev tools:

  • When Local is installed, generate a Local CA (Certification Authority) certificate and prompt the user to set the Local CA as a trusted CA. The trust process is the same for CA certificates.
  • When issuing new certificates for individual Local sites, sign the certificates using the Local CA certificate.

The end result is that you need to manually trust only the CA certificate, and all subsequent site certificates are implicitly trusted.
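The two-step process described in the post above, sketched with the `openssl` command line. This is an added example, not part of the original post and not Local's own code; the directory layout, CA name, validity periods and function names are assumptions.

```shell
#!/bin/sh
# Added example. Paths, the CA name and the hostnames are constructed.

make_ca() {  # $1 = directory that will hold ca.key and ca.crt
  dir=$1
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local Dev CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  openssl genrsa -out "$dir/ca.key" 2048
  chmod 600 "$dir/ca.key"  # anyone holding this key can mint trusted certs
  # Self-signed root: this is the only certificate the user has to trust.
  openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 3650 \
    -config "$dir/ca.cnf" -out "$dir/ca.crt"
}

issue_site_cert() {  # $1 = CA directory, $2 = site hostname
  dir=$1 host=$2
  openssl genrsa -out "$dir/$host.key" 2048
  openssl req -new -key "$dir/$host.key" -subj "/CN=$host" \
    -config "$dir/ca.cnf" -out "$dir/$host.csr"
  # Leaf extensions: not a CA, server auth only, hostname in the SAN.
  printf '%s\n' 'basicConstraints = critical, CA:FALSE' \
    'keyUsage = critical, digitalSignature, keyEncipherment' \
    'extendedKeyUsage = serverAuth' \
    "subjectAltName = DNS:$host" > "$dir/$host.ext"
  # Sign the request with the CA key instead of self-signing.
  openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 397 \
    -extfile "$dir/$host.ext" -out "$dir/$host.crt"
}

verify_site_cert() {  # $1 = CA cert, $2 = site cert, $3 = expected hostname
  openssl verify -CAfile "$1" -purpose sslserver \
    -verify_hostname "$3" "$2" >/dev/null 2>&1
}
```

Only `ca.crt` goes through the one-time trust step in Keychain Access; `ca.key` stays on the machine with restrictive permissions, since a trusted CA key can sign a certificate for any hostname.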

I definitely agree with that. It provides a better experience to ask the user to manually trust it only one time, instead of doing it for each site individually.

Any feedback for this feature? I reckon it would be near-trivial to implement, and would provide a great usability boost.

Hello @bpfh - thank you for following up on this.

We will be discussing various feature requests next week with the Local team and I will make sure this one is on our radar and provide an update about it as soon as I can.

Best,

Sam

Hello @bpfh -

I spoke with the Local development team and this is on the list of future improvements.

Although we don’t have a set timeframe for this, I did want to communicate that we recognize it is a useful feature and worth exploring.

I will keep you all updated as I receive more information.

Thank you,

Sam

Very good. If you need help with the PKI side of things (the local Local CA and end entity signing), give me a holler.

Hi @bpfh -

Much appreciated, thank you so much.

Sam

Any updates on this that you can share?