Automatic SSL Certificates

DAMP automatically generates and manages SSL certificates for all your projects, enabling secure HTTPS development without manual configuration. Develop exactly as you would in production - with full SSL encryption from day one.

Why SSL in Development?

Modern web development requires HTTPS for many features to work correctly:

Browser Requirements

• Service Workers require HTTPS to function
• Progressive Web Apps need secure contexts
• Modern APIs (Camera, Geolocation, etc.) restricted to HTTPS
• HTTP/2 features only available over SSL
• Cookie security flags require secure connections

Development Parity

• Production consistency - develop as you deploy
• SSL-specific bugs caught early in development
• Mixed content issues identified immediately
• Certificate workflow testing in development

Security Benefits

• Encrypted traffic even in local development
• Certificate validation workflow testing
• HTTPS redirect logic development
• Security header testing and validation

How DAMP’s SSL Works

Automatic Certificate Authority

DAMP creates a local Certificate Authority (CA) on first launch:

1. Root CA Creation

   DAMP generates a root certificate authority:

   • Self-signed root certificate for local development
   • Private key stored securely on your machine
   • CA certificate added to system trust store
   • Automatic browser trust for all DAMP projects

2. Project Certificate Generation

   Each project gets its own SSL certificate:

   • Domain-specific certificates (e.g., my-project.local)
   • Wildcard support for subdomains
   • Automatic renewal before expiration
   • Multiple domain support per certificate

3. Browser Integration

   Certificates work immediately in all browsers:

   • Chrome/Edge: Automatically trusted
   • Firefox: One-time CA import
   • Safari: System keychain integration
   • Mobile devices: Manual CA installation

SSL Troubleshooting

Common Issues

Browser Shows “Not Secure”

Cause: CA certificate not trusted by browser

Solution:

1. Check if DAMP CA is installed in browser
2. Re-import CA certificate if needed
3. Clear browser cache and restart
4. Verify certificate covers the domain being accessed

Mixed Content Warnings

Cause: HTTPS page loading HTTP resources

Solution:

• Update resource URLs to use HTTPS
• Use protocol-relative URLs (//domain.com/resource)
• Configure your application to serve all assets over HTTPS

Debugging Tools

Certificate Information

View detailed certificate information:

# View certificate details
openssl x509 -in /path/to/certificate.crt -text -noout

# Check certificate chain
openssl s_client -connect my-project.local:443 -showcerts

# Verify certificate against CA
openssl verify -CAfile damp-ca.crt my-project.crt

Integration with Development Tools

VS Code DevContainer

SSL certificates work seamlessly in DevContainers:

• Automatic mounting of certificate files
• Environment variables for certificate paths
• HTTPS development inside containers

API Testing Tools

Configure API testing tools to trust DAMP certificates:

Postman

• Import DAMP CA certificate in Postman settings
• Disable SSL verification for development
• Use HTTPS URLs for all requests

Insomnia

• Add CA certificate to Insomnia trust store
• Configure per-environment SSL settings
• Test SSL-specific API behaviors

Security Best Practices

Development SSL (DAMP)

• ✅ Self-signed certificates appropriate for local development
• ✅ Automatic trust improves developer experience
• ✅ No external dependencies for certificate generation
• ⚠️ Not for production use

SSL Best Practices

• Always develop with HTTPS to catch SSL-specific issues early
• Use HTTPS redirects consistently across environments

DAMP’s automatic SSL certificate management provides production-like HTTPS development without the complexity, letting you focus on building features rather than fighting certificate configuration.