BestHub
Sign in
Frontend Development 6 min read

How to Quickly Set Up a Local HTTPS Development Environment

This guide explains why HTTPS is required for local web development, demonstrates how to create a self‑signed root CA and a wildcard domain certificate with OpenSSL, shows how to trust the root certificate on macOS, and provides example Webpack devServer and hosts file configurations for a secure local workflow.

360 Tech Engineering
360 Tech Engineering
360 Tech Engineering
How to Quickly Set Up a Local HTTPS Development Environment

Local development often needs HTTPS because many Web APIs (e.g., navigator.clipboard) only work in a secure context; browsers treat https://localhost and window.isSecureContext as secure, and some HTTP requests may be rejected by HTTPS servers.

First, generate a self‑signed root CA using OpenSSL: openssl genrsa -des3 -out localCA.key 2048 Then create the root certificate (valid for 5 years):

openssl req -x509 -new -nodes -key localCA.key -sha256 -days 1825 -out localCA.pem

Import localCA.pem into macOS Keychain Access, set it to "Always Trust", and confirm the trust status.

Next, create a wildcard domain certificate. Generate a private key for the domain: openssl genrsa -out ext.yourdomain.com.key 2048 Create a Certificate Signing Request (CSR):

openssl req -new -key ext.yourdomain.com.key -out ext.yourdomain.com.csr

Prepare an extension file (e.g., ext.yourdomain.com.ext) with the following content:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.yourdomain.com

Sign the CSR with the root CA to obtain the wildcard certificate:

openssl x509 -req -in ext.yourdomain.com.csr \
  -CA localCA.pem -CAkey localCA.key \
  -CAcreateserial -out ext.yourdomain.com.crt \
  -days 1825 -sha256 -extfile ext.yourdomain.com.ext

Copy the generated ext.yourdomain.com.key and ext.yourdomain.com.crt to your project and configure Webpack devServer:

devServer: {
  proxy: { '*': 'http://127.0.0.1:9360' },
  port: 443,
  https: {
    key: fs.readFileSync(path.join(__dirname, 'ext.yourdomain.com.key')),
    cert: fs.readFileSync(path.join(__dirname, 'ext.yourdomain.com.crt'))
  },
  host: 'dev.yourdomain.com',
  allowedHosts: ['dev.yourdomain.com'],
  watchContentBase: true
}

Add host entries to your /etc/hosts file:

127.0.0.1 dev.yourdomain.com
127.0.0.1 test.yourdomain.com

After restarting the services, the local site can be accessed via https://dev.yourdomain.com. Note that the wildcard *.yourdomain.com only covers one level (e.g., dev.yourdomain.com or test.yourdomain.com); deeper subdomains like dev.h5.yourdomain.com require a separate certificate.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

OpenSSLHTTPSSSLCertificate AuthorityLocal Development
360 Tech Engineering
Written by

360 Tech Engineering

Official tech channel of 360, building the most professional technology aggregation platform for the brand.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment