- Yes, Ghostlab supports sites using the HTTPS protocol, i.e., you can add both
http://www.apple.comandhttps://www.apple.comas sites in Ghostlab. By default, Ghostlab’s own server serves the content over HTTP, though. If the site you’re testing uses a client-side protocol detection and forces a redirection to HTTPS, which will result in an invalid URL for Ghostlab, you most likely need to adjust the JavaScript Rewriting level. - Yes, Ghostlab v3 also supports serving content over HTTPS. Please note that earlier versions of Ghostlab don’t have this feature.
To activate the HTTPS server, you’ll need a server certificate and a private key. For testing purposes, you can create a self-signed certificate as described below, then in the Preferences > Security > HTTPS Server section, tick “enable HTTPS server” and enter the paths to your certificate and key files. For ease of use, you can also have Ghostlab auto-generate a self-signed certificate by checking the respective option.
Caveat: All communications with Ghostlab use HTTPS if it is activated. If you are using a self-signed certificate, you will need to add certificate exceptions manually for the Ghostlab server IP with the Websocket port in Firefox and Internet Explorer / MS Edge. (You can set the port number to a fixed value in Preferences > Advanced > Networking > Websocket port.) If you do not do that, the browsers will not show up in the client list and the synchronization will not work.
Creating a self-signed certificate
(Note that when using a self-signed certificate, the browser will tell you that the site you want to view is not trusted.)
Open a terminal / PowerShell window and cd to the directory in which you want to save the certificate and key.
Copy and paste the following command:
openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 9999
and answer the questions in the prompt. The certificate is saved to the file cert.pem, the private key to the file key.pem.