Stop Chrome & Firefox from blocking HTTPS requests by default for all domains hosted by Homestead

Virtual hosted Homestead SSL URLs in both Chrome and Firefox display an insecure message when visited. In this tutoial we will stop these browsers from blocking HTTPS requests by default for all domains hosted by Homestead.

To get started, you simply need to import your certificate authority, .csr, file into Firefox. For Chrome you need to add the certificate into your macOS Keychain.

To import your .csr file from Laravel Homestead copy Homestead’s ca.homestead.homestead.crt file to your local machine.

For example, you can SSH into your homestead vagrant box and then copy the file to a folder shared with your host machine. For me that is the code directory.

sudo cp /etc/nginx/ssl/ca.homestead.homestead.crt ~/code/ca.homestead.homestead.crt


In Firefox fixing the SEC_ERROR_UNKNOWN_ISSUER error in Firefox and Chrome on Mac OSX is easy enough.

Import ca.homestead.homestead.crt as a certificate authority in Firefox under about:preferences#privacy at the bottom of the page.

Once you have imported the certificate authority trust it and it will then appear in your “Authorities” list under the just created “Vagrant” section. Now, you can trash your Mac’s local copy of the ca.homestead.homestead.crt file.

ff sec error unknown issuer homestead 1


Installing the certificate into Chrome is easy.

  1. Locate ca.homestead.homestead.crt and double-click the file to open Keychain.
  2. Select “System” from the popup and continue.
  3. In Keychain search for the “Homestead” certificate and double-click “Homestead homestead Root CA” from the list.
  4. In the pop-up open “Trust” and set all the options to “Always Trust”.
  5. Close the pop-up and enter your password when asked; entering your password will save your edits.
homestead mac keychain access 2


Once you have added the certificate for the browser(s) you prefer to use you can delete the copied, or duplicate, certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.