Remove SSL from a Local Site

Support
1

I am using Local 3.2.1 and love how easy it is to secure a local site with SSL. To do that, all I have to do is hit the “Trust” button. Wow.

However, if I want to remove SSL security from a site so that it runs as plain “http” again, I have no idea what to do. So two questions:

(1) Is it possible to access a secure local site via “http”? In my experience all plain “http” requests are turned into “https” automatically.

(2) If not, is it possible to remove SSL security from an existing secure local site? I have tried commenting out the three SSL-related lines in wp-config.php, but that does not help. I don’t see anything SSL related in .htaccess. There is no “Remove Trust” button on the SSL pane of the Local app. How can I get rid of SSL on a site?

Thanks for any clues!

2

Hey @efc

There isn’t a specific process for removing a certificate using Local.

When the “Trust” button is pushed, it registers a certificate with the Operating System. You should be able to remove the certificate using the tools that come with the OS.

Here’s a good resource that outlines the process for various Operating Systems:

To summarize what they have there:

Windows

  • Press the Windows or Start button, then type “MMC” into the run box. This will launch Microsoft Management Console.
  • Select File, then Add/Remove Snap-In
  • Select “Certificates” from the field on the left, then click Add.
  • On the next window, choose “Computer Account,” then select “Local Computer,” click OK.
  • In MMC, select the arrow beside “Certificates (Local Computer),” this will reveal the certificate stores.
  • Select the arrow beside the Root Certificate you would like to remove/disable, the click the “Certificates” folder.
  • Find the certificate you’re trying to delete in the list, right-click it and choose “Properties.”
  • Select “Disable all purposes for this certificate,” click Apply.
  • Now, just restart your machine.

Mac

  • With the Finder selected, click Go and select Utilities (alternatively, press Shift + Command + U)
  • Double-click on KeyChain Access, select System Roots.
  • Find the root certificate you want to delete and double-click on it.
  • In the window that pops up, under “Trust,” select “When using this certificate” and choose “never trust.”
3

So are you saying that if I remove the cert from the OS then Local will no longer force the site to use “https” instead of “http”?

In the end, I don’t really care whether the cert is present or not, I just want the Local site to ignore it and use “http”.

4

Local only helps you setup the certificate so that you can test things over HTTPS more easily. Local doesn’t do anything to “force” https.

More than likely what’s going on is that the URLs within the database are using HTTPS, or there’s a plugin that forcing HTTPS.

You can update the urls by using a plugin like this: Search & Replace – WordPress plugin | WordPress.org
or by logging into the site over SSH by right-clicking and selecting “Open Site SSH”.

If you do the “Open site SSH” route, then once the terminal is open, you can issue a command like this (update the local url to be correct):

wp search-replace 'https://example.local' 'http://example.local'

I like the terminal way because it doesn’t require any additional software. Let me know if you have any other questions, or need anything else!