Once the main authority certificate is trusted by your operating system or browser, all certificates VVV generates will always be trusted. The details of how to do this will depend on your platform, but to do so you will need to know where the certificate is located.
You can find the central certificate in
certificates/ca/ca.crt. There are some caveats though:
- This only works for your instance of VVV, you cannot use this to generate certificates for other VVV users
- This will only work on your machine, this cannot be used to generate an SSL certificate for a live website
- This will never work for
.devdomains, Google have preloaded Chrome with security policies, and Firefox has followed suit. These cannot be dismissed. Since the
.devTLD is owned and used by Google it isn’t safe, switch to
Trusting The VVV Root Certificate On MacOS / OS X
- Import the
certificates/ca/ca.crtfile into Keychain Access by double clicking on the file in finder
- Right-click the certificate and click Get Info.
- Expand the Trust section at the top, and under
Secure Sockets Layer (SSL), select
- Close the window. You’ll be prompted to enter your password to save the changes.
Trusting the VVV Root Certificate in Firefox
Firefox uses its own root certificate list, to access it:
- go to options, and under Privacy & Security
- go to the certificates section and click “View Certificates”
- In the Certificate Manager window, switch to the Authorities tab and click the “Import…” button.
- In the file open dialogue that pops up, select the VVV root certificate in your VVV folder at
- When Firefox asks you what you want to use the certificate for, check the box marked “Trust this CA to identify websites” and click Ok
- You should now see the
VVV INTERNALcertificate authority in the list.
Trusting the VVV Root Certificate on Windows 10
- Press the windows key + R, to bring up the run dialogue
secpol.mscand press Ok
- The Local security policy window/snapin should appear
- On the side menu, click Public Key Policies > Certificate Path Validation Settings.
- Then in Certificate Path Validation Settings Properties, under Store tab, check Define these policy settings. Make sure you check Allow user trusted root CAs to be used to validate certificates and Allow users to trust peer trust certificates options here. Under Root certificates stores, select Third-Party Root CAs and Enterprise Root CAs option. Click Apply followed by OK.
- Close the Local Security Policy window/snap-in.
- Press windows key + R again, to bring up the run dialogue
certmgr.mscand press Ok
- In the Certificate Manager window, click Trusted Root Certification Authorities > Certificates.
- Right click on Certificates and select All Tasks > Import.
- Now in Certificate Import Wizard, click Next.
- Then click on browse and select the VVV certificate root file in your VVV folder:
certificates/ca/ca.crt, then click Next.
- On the next screen, choose 8Automatically select the certificate store based on the type of certificate* option. Hit Next.
- Click Finish to finally import the certificate to Trusted Root Certification Authorities store.
- In few seconds, you’ll receive the confirmation saying The import was successful which means the new certificate is installed and ready for use.
Trusting the VVV Root Certificate on iOS
You will need to place the authority somewhere mobile safari can access. Make sure nobody see this as it could be a security risk, and remove the file once installed.
- Download the
ca.crtfile in safari
- iOS will prompt you to install the certificate
- tap install on each screen until the certificate is trusted
Be mindful that doing this from an app such as one drive or google drive may not work.
You can verify the certificate is installed by going to
Settings->General->Profiles. This option will only appear if profiles are installed, if it’s missing then the operation was unsuccesful.
Trusting the VVV Root Certificate on Android
Note that this is possible on Android 4-7, earlier versions require a rooted device;
System-installed certificates can be managed on the Android device in the Settings -> Security -> Certificates -> ‘System’-section, whereas the user trusted certificates are manged in the ‘User’-section there. When using user trusted certificates, Android will force the user of the Android device to implement additional safety measures: the use of a PIN-code, a pattern-lock or a password to unlock the device are mandatory when user-supplied certificates are used.
Android 8/N and later require changes to an app manifest, greatly limiting the use cases, here’s an extract from the charles proxy website:
As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.
In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.
Trusting the VVV Root Certificate on Other Operating Systems
There’s a wide variety of operating systems out there, and we can’t cover them all. If you can’t find instructions via Google, try checking instructions specific to your browser, a lot of browsers have their own list of authorities you can add to, and their own certificate managers.
There are more instructions on the CACert wiki here,