At Cerebrum, we don’t just talk about robust security – we embody it. By harnessing the power of open source, we’ve integrated Ory Kratos, a sophisticated authentication solution, into our products. However, this integration presented a unique challenge during local development. Our infrastructure operates under an HTTPS domain, and Ory Kratos relies heavily on secure cookies for its browser operations. Once Ory Kratos was deployed, authenticating users from local machines proved more cumbersome than expected: Ory Kratos set its cookies for the HTTPS domain, and the service running on localhost would continually and unsuccessfully attempt to access these cookies via HTTP.
There are several other scenarios where HTTPS is necessary for local development:
- Testing HTTPS-Only Features: Some web features, especially those related to security and privacy, only work over HTTPS. Testing them locally requires an HTTPS setup.
- Browser APIs: Modern browser APIs such as Service Workers, Geolocation, and others mandate that the application be served over HTTPS. To test and develop with these APIs locally, HTTPS is essential.
- WebRTC Development: Developing and testing WebRTC applications often necessitates an HTTPS setup for real-time communication.
Here are the steps to set up HTTPS locally:
- Install a Local Certificate Authority
- Generate a Local SSL Certificate
- Update Your Host Files
- Configure Your App/Server to use HTTPS
- Test your setup
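The following added example (not code from Cerebrum or Ory) uses Python's standard `http.cookiejar` to show why the steps above need both a hosts-file entry and local HTTPS: a cookie scoped to an HTTPS domain and marked Secure is attached only when the host matches and the scheme is HTTPS. The names `example.test` and `local.example.test`, the port and the cookie name are constructed placeholders; `local.example.test` is assumed to be a hosts-file alias for 127.0.0.1.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

# Constructed values: example.test stands in for the real HTTPS domain and
# local.example.test for a hosts-file alias of 127.0.0.1.
COOKIE_DOMAIN = ".example.test"
COOKIE_NAME = "session_cookie"  # placeholder, not the name Kratos uses


def make_session_cookie(secure=True):
    """Build a cookie like one set with Domain=example.test; Secure."""
    return Cookie(
        version=0, name=COOKIE_NAME, value="constructed-value",
        port=None, port_specified=False,
        domain=COOKIE_DOMAIN, domain_specified=True, domain_initial_dot=True,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={"HttpOnly": None},
    )


def cookie_sent(url, secure=True):
    """Return True if the client attaches the cookie to a request for url."""
    jar = CookieJar()
    jar.set_cookie(make_session_cookie(secure))
    request = Request(url)
    jar.add_cookie_header(request)  # applies the Secure, domain and path checks
    return request.get_header("Cookie") is not None


def report():
    """Evaluate the four host/scheme combinations a local setup can produce."""
    urls = [
        "http://localhost:3000/",            # wrong host and plain HTTP
        "http://local.example.test:3000/",   # hosts entry only, still HTTP
        "https://localhost:3000/",           # TLS only, host does not match
        "https://local.example.test:3000/",  # hosts entry plus local TLS
    ]
    return {url: cookie_sent(url) for url in urls}


if __name__ == "__main__":
    for url, sent in report().items():
        print(f"{'sent   ' if sent else 'dropped'}  {url}")
```

Only the last URL carries the cookie. Calling `cookie_sent(url, secure=False)` for the plain-HTTP alias shows that the Secure attribute, not the domain, is what blocks that case.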
Let’s dive into it.
Install a Local Certificate Authority
Before you can use HTTPS, you need a certificate. For local development, we’ll create a local certificate authority (CA). We’ll use mkcert to create a local certificate. Here a