Local Community

Use a local Local (pun intended) CA to avoid the trust problem on macOS

The current mechanism of having to use KeyChain Access to manually trust each Local certificate is a bit awkward. Here is a process we have successfully used for a long time with our internal webdev tools:

  • When Local is installed, generate a Local CA (Certification Authority) certificate and prompt the user to set the Local CA as a trusted CA. The trust process is the same for CA certificates.
  • When issuing new certificates for individual Local sites, sign the certificates using the Local CA certificate.

The end result is that you need to manually trust only the CA certificate, and all subsequent site certificates are implicitly trusted.

I definitely agree with that. It provides a better experience to ask the user to manually trust it only one time, instead of doing it for each site individually.