I installed Vagrant and Homestead to test my app locally. Everything works correctly when I access http://mysite.app
in Firefox and Chrome. However, Safari won't let me use the http
/ non secure version of the site and will automatically redirect me to the secure (https) version. For example, when accessing http://mysite.app
, I get redirected to https://mysite.app
.
Other browsers (Firefox and Chrome) doesn't redirect me and I can use the standard, non secure version. So it's not a redirect enforced by the server.
The redirection itself wouldn't really be an issue if Safari would let me access the https
version. Since it's a local dev environment, the SSL certificate is self signed and Safari won't allows me to access a site with a non trusted certificate. So in the end, I always get a Safari can't establish a secure connection
error when using Safari to access this Vagrant site.
Safari doesn't offer a way (anymore?) to accept the self signed certificate. Again, this is not an issue with Chrome or Firefox since they allow you to add an exception right from the browser.
Any idea how I can make Safari use the http
version of the site or make Safari trust the self signed certificate ?
FYI, I'm using Safari 11.0.2 on High Sierra 10.13.2 Beta. Same result on iMac and MacbookAir, so it's not computer related.
While I didn't found why Safari wants to force SSL and doesn't want to use the non secure (http) version of my site on this Vagrant/Homestead box (like Firefox or Chrome), I found a way to mark the self signed site certificate as trusted in MacOS Keychain Access.
Note that shouldn't be an issue with prior version of MacOS since Safari used to allow you to add an exception directly in the browser and continue to a site with an invalid SSL certificate. This options seams to be gone in Safari 11 (High Sierra).
So a solution to access my Vagrant website is to save the site certificate on the host computer (using an ssh connection to the Vagrant box or another Browser), add it to the Keychain and mark it as trusted.
However, another issue regarding Keychain Access came up. While this used to work in earlier version of MacOS, under High Sierra (or at least 10.13.2 Beta), the ability to mark a certificate as trusted from the Keychain Access app is gone. On both my iMac and MacbookAir, double clicking on the certificate added to the Keychain does absolutely nothing. Even clicking Get Info
from the contextual menu doesn't bring the ability to edit the certificate.
A workaround for this is to use the command line to mark the certificate as trusted. Using Terminal, cd
to the directory where the certificate is saved on your computer and run this command :
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain example.app.cer
Change example.app.cer
with the name of your certificate. This will mark the certificate as trusted in Keychain Access and allows you to visit the local site as if it was signed with a valid certificate.
tl;dr Add the site certificate taken from the Vagrant/Homestead box to the keychain, run the command and just use https connexion.