Note
Step by step guide of what steps I take to enable HTTPS on my Laravel local development server using self-signed SSL certificate and stunnel. This guide is written for Ubuntu, but the commands should work similarly on macOS (you can figure out the Mac equivalents).
- OpenSSL installed on your system
- Ubuntu: sudo apt-get install openssl
- macOS: Usually pre-installed, or brew install openssl
- Stunnel installed
- Ubuntu: sudo apt-get install stunnel4
- macOS: brew install stunnel
- Laravel project running locally
- Basic terminal/command line knowledge
cd /path/to/your/projectmkdir ssl
cd sslWhat's happening here? We're creating a digital certificate that proves our server's identity. In production, you'd get this from a Certificate Authority (CA), but for local development, we create our own.
openssl genrsa -out localhost.key 2048This creates a 2048-bit RSA private key - think of it as a secret password that only your server knows.
openssl req -new -key localhost.key -out localhost.csrA CSR contains information about your server and is normally sent to a CA for signing. We'll self-sign it instead.
Note
During this step, when asked for "Common Name", enter: localhost
The Common Name must match the domain you'll access in your browser.
openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crtThis creates the actual certificate file, valid for 365 days, signed with our own private key.
cd ..touch stunnel.confPaste the following into stunnel.conf:
[https]
accept = 8000
connect = 8001
cert = ssl/localhost.crt
key = ssl/localhost.keyWhat stunnel does: Stunnel acts as a proxy that adds SSL/TLS encryption. It listens on port 8000 (HTTPS) and forwards decrypted traffic to port 8001 where your Laravel app runs (HTTP).
php artisan serve --port=8001Starts Laravel on HTTP port 8001
stunnel stunnel.confStarts stunnel to handle HTTPS on port 8000
- Visit: https://localhost:8000
- You may see a browser warning due to the self-signed certificate. You can safely bypass this warning for local development.
[!ERROR] Do NOT commit your local SSL files. Add the following to .gitignore:
Inside .gitignore file of your project:
ssl/localhost.key
ssl/localhost.csr
ssl/localhost.crt
stunnel.confOptionally, you can ignore the entire folder:
ssl/*
!ssl/.gitkeep # If you want to track the folder itself- How HTTPS Works - Mozilla Developer Network
- Comprehensive guide to understanding SSL/TLS and HTTPS
- What is SSL/TLS? - Cloudflare Learning Center
- Beginner-friendly explanation of SSL certificates and encryption
- OpenSSL Command Line Howto
- Official documentation for OpenSSL commands
- Self-Signed Certificates Explained
- When and why to use self-signed certificates
- Stunnel Official Documentation
- Complete stunnel configuration guide
- Stunnel Tutorial - DigitalOcean
- Step-by-step stunnel setup tutorial
- Laravel Documentation - HTTPS
- Laravel's built-in HTTPS handling
- Laravel Valet
- Alternative tool that provides automatic HTTPS for local Laravel development
- Public Key Infrastructure (PKI) Explained
- Understanding the broader context of digital certificates
- Certificate Signing Request (CSR) Guide
- Detailed explanation of CSR generation and fields
- Why Self-Signed Certificates are Dangerous in Production
- Important security considerations
- Let's Encrypt
- Free SSL certificates for production use