SSL & HTTPS in ForgeKit
ForgeKit includes built-in support for local HTTPS.
You can enable SSL for any site with a single checkbox, and ForgeKit
will automatically generate and manage the certificates for you.
Unlike many local development tools that rely on external utilities, ForgeKit handles everything internally.
How ForgeKit HTTPS Works
ForgeKit uses a router-based TLS architecture.
Instead of configuring SSL inside Apache or Nginx for every site, ForgeKit terminates HTTPS in its own router and forwards the request to the appropriate web server instance.
Browser
↓
HTTPS (TLS)
↓
ForgeKit Router
↓
HTTP
↓
Apache / Nginx
↓
PHP / Application
This approach keeps your web server configuration simple and ensures HTTPS works consistently across different environments.
Enabling HTTPS
When creating or editing a site, you can enable HTTPS using the Use HTTPS option.
You can also enable Force HTTPS, which redirects all HTTP traffic to HTTPS.
Options:
- Use HTTPS
- Force HTTPS
When enabled, ForgeKit will:
- Generate a TLS certificate for the domain
- Trust the ForgeKit local certificate authority
- Serve the site over HTTPS through the router
No manual setup is required.
Local Certificate Authority (CA)
ForgeKit creates a local certificate authority the first time HTTPS is used.
Location:
ForgeKit/certs/ca/
Files created:
- forgekit-root-ca.pem
- forgekit-root-ca-key.pem
The CA is automatically added to the Windows Trusted Root Certificate Authorities store so browsers trust the generated certificates.
This allows your browser to display the secure lock icon without warnings.
Domain Certificates
ForgeKit generates a certificate for each domain that has HTTPS enabled.
Certificates are stored here:
ForgeKit/certs/domains/
These certificates are automatically served by the ForgeKit router using SNI (Server Name Indication).
Automatic Certificate Renewal
ForgeKit automatically renews certificates before they expire.
Domain certificates:
- Valid for 1 year
- Automatically regenerated if less than 30 days remain
The renewal process happens automatically when:
- ForgeKit starts
- Configuration reloads
- A request is made to the domain
No restart is required.
HTTPS Redirects
If Force HTTPS is enabled, ForgeKit automatically redirects:
http://mysite.test → https://mysite.test
The redirect is handled by the ForgeKit router, not the web server.
This keeps Apache and Nginx configurations simpler and consistent.
Why ForgeKit Handles HTTPS in the Router
Handling TLS in the router provides several benefits:
- No SSL configuration required inside Apache or Nginx
- Same behavior across different web server engines
- Faster site setup
- Centralized certificate management
- Cleaner virtual host configuration
This architecture ensures HTTPS works the same regardless of which web server you use.
Troubleshooting
If HTTPS is not working:
Check HTTPS is enabled
Open the site settings and confirm Use HTTPS is enabled.
Verify the certificate exists
Look inside:
ForgeKit/certs/domains/
Verify the CA is trusted
Open:
certlm.msc
Navigate to:
Trusted Root Certification Authorities → Certificates
Ensure ForgeKit Local Root CA is present.
Restart ForgeKit
If certificates were deleted manually, restarting ForgeKit will regenerate them automatically.
Summary
ForgeKit provides fully automatic HTTPS for local development:
- Automatic local CA creation
- Automatic certificate generation
- Automatic renewal
- Router-based TLS termination
- Optional forced HTTPS redirects
Once enabled, your local sites behave exactly like production HTTPS environments.
Continue to → Updating ForgeKit