
Cannot accept self signed certificate in Safari 11 to access Vagrant / Homestead local site

I installed Vagrant and Homestead to test my app locally. Everything works correctly when I access http://mysite.app in Firefox and Chrome. However, Safari won't let me use the http / non secure version of the site and will automatically redirect me to the secure (https) version. For example, when accessing http://mysite.app, I get redirected to https://mysite.app.

Other browsers (Firefox and Chrome) don't redirect me and I can use the standard, non secure version. So it's not a redirect enforced by the server.

The redirection itself wouldn't really be an issue if Safari would let me access the https version. Since it's a local dev environment, the SSL certificate is self signed and Safari won't allow me to access a site with a non trusted certificate. So in the end, I always get a "Safari can't establish a secure connection" error when using Safari to access this Vagrant site.


Safari doesn't offer a way (anymore?) to accept the self signed certificate. Again, this is not an issue with Chrome or Firefox since they allow you to add an exception right from the browser.

Any idea how I can make Safari use the http version of the site or make Safari trust the self signed certificate?

FYI, I'm using Safari 11.0.2 on High Sierra 10.13.2 Beta. Same result on iMac and MacbookAir, so it's not computer related.

Louis Charette asked Nov 25 '17 03:11


People also ask

How do I trust a self signed certificate in Safari?

If you want to turn on SSL/TLS trust for that certificate, go to Settings > General > About > Certificate Trust Settings. Under "Enable full trust for root certificates," turn on trust for the certificate. Apple recommends deploying certificates via Apple Configurator or Mobile Device Management (MDM).

How do I add certificate exceptions in Safari?

In the Category list, select a category. Select a certificate, then choose File > Get Info. Click the Trust disclosure triangle to display the trust policies for the certificate. To override the trust policies, choose new trust settings from the pop-up menus.


1 Answer

While I didn't find why Safari wants to force SSL and doesn't want to use the non secure (http) version of my site on this Vagrant/Homestead box (like Firefox or Chrome), I found a way to mark the self signed site certificate as trusted in macOS Keychain Access.

Note that this shouldn't be an issue with prior versions of macOS since Safari used to allow you to add an exception directly in the browser and continue to a site with an invalid SSL certificate. This option seems to be gone in Safari 11 (High Sierra).

So a solution to access my Vagrant website is to save the site certificate on the host computer (using an ssh connection to the Vagrant box or another browser), add it to the Keychain and mark it as trusted.

However, another issue regarding Keychain Access came up. While this used to work in earlier versions of macOS, under High Sierra (or at least 10.13.2 Beta), the ability to mark a certificate as trusted from the Keychain Access app is gone. On both my iMac and MacbookAir, double clicking on the certificate added to the Keychain does absolutely nothing. Even clicking Get Info from the contextual menu doesn't bring the ability to edit the certificate.

A workaround for this is to use the command line to mark the certificate as trusted. Using Terminal, cd to the directory where the certificate is saved on your computer and run this command:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain example.app.cer

Replace example.app.cer with the name of your certificate. This will mark the certificate as trusted in Keychain Access and allow you to visit the local site as if it was signed with a valid certificate.

tl;dr Add the site certificate taken from the Vagrant/Homestead box to the keychain, run the command and just use https connection.

Louis Charette answered Oct 03 '22 01:10
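The workaround in the answer above, wrapped in a check that the copied file really is the certificate from the Vagrant box before it is trusted system-wide. This is an added example, not part of the original answer: the function names and the expected-fingerprint argument are assumptions, and "-p ssl" is an addition that limits the trust setting to TLS.

```shell
#!/bin/sh
# Added example: verify a dev certificate's fingerprint before trusting it.
# Function names and the expected-fingerprint argument are assumptions.

# Reduce "SHA256 Fingerprint=AA:BB:..." (or a bare hex string) to uppercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both fingerprints are well-formed SHA-256 values and equal.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    [ "${#a}" -eq 64 ] || return 1
    case "$a" in *[!0-9A-F]*) return 1 ;; esac
    [ "$a" = "$b" ]
}

# trust_dev_cert CERT_FILE EXPECTED_FP
# EXPECTED_FP is the SHA-256 fingerprint read on the Vagrant box itself.
trust_dev_cert() {
    cert=$1
    expected=$2
    # Assumes a PEM-encoded file; add "-inform DER" for a binary .cer.
    actual=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 2
    if ! fp_matches "$actual" "$expected"; then
        echo "fingerprint mismatch, not trusting $cert" >&2
        return 1
    fi
    # Same command as in the answer, plus "-p ssl" to limit the trust
    # setting to TLS server evaluation instead of every policy.
    sudo security add-trusted-cert -d -r trustRoot -p ssl \
        -k /Library/Keychains/System.keychain "$cert"
}

# Undo the trust setting once the dev box is retired.
untrust_dev_cert() {
    sudo security remove-trusted-cert -d "$1"
}

# Run only when called as: script CERT_FILE EXPECTED_FP
if [ "$#" -eq 2 ]; then
    trust_dev_cert "$1" "$2"
fi
```

The expected fingerprint can be read on the box with the same openssl x509 -fingerprint -sha256 command run against the certificate file there.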