Posts: 12
Registered: ‎12-08-2016

Re: Is SSL required for localhost development and testing?



You'll notice in the code sample I provided that the server is connecting to a secure site.


It uses HTTPS to connect to and pull the Accept.js javascript code. This is working, which indicates that my server can connect to HTTPS.


You'll then see the error message I provided was an error message, which means the javascript code that was pulled from a secure site, was functioning.


Then the error message says that https is required.


Therefore, I believe that in order to test and develop, that HTTPS is required for your local server.


That's the entire point of this thread. I was unable to verify this by looking through documentation, and looking through other forum posts. So I wanted to confirm that was the case.


I'm also hoping this will help others some day when they're curious about the same thing. This will provide a definitive answer. :) Any chance you could have a dev double-check and confirm this explicitly? Since there is an error message, I assume it's not a bug on's side.




Posts: 143
Registered: ‎11-03-2016

Re: Is SSL required for localhost development and testing?

Hi @dustin1,


I can confirm that the page calling the Accept.js script does need to be served from a server supporting a secure connection. If you're testing locally, that means that the server you're running on your machine needs to support https, although you don't have to have a domain certificate to do that (as Lilith points out).


The Accept.js documentation does list the error message: 

E_WC_02A HTTPS connection is required.The page on which you’re including Accept.js must be served over an HTTPS connection.


However, it's not explicit in the documentation that you'll get that error message anytime that page is served insecurely, so it's not clear to the reader if this error message is listed as just a possible thing you might see depending on situation.


I'm making a note to put an explicit mention of the requirement on this page to avoid future confusion. Hope that helps!


Aaron Wright
Developer Evangelist - Authorize.Net

Follow Authorize.Net developer news on Twitter!
Posts: 12
Registered: ‎12-08-2016

Re: Is SSL required for localhost development and testing?

Thank you for confirming this. Your response is the answer to the original post of this thread. Appreciate it.


As a web developer, I work on programming over a dozen different websites. All of my production websites have HTTPS with domain certificates.


Locally, however, I do all of my development on a non-https localhost site. I set up hosts like and and so on.


There are a number of third-party services which require HTTPS for production, but allow for HTTP during development.


I would just throw out my request that when using sandbox, that HTTPS would not be required, as it would make it easier.


As I mentioned in my last post. I did end up configuring https on my local machine for the dev site while I build in an implementation. It's just unfortunate because if I have to dev for for more than one site, apache won't let me use https for more than one domain at a time so I'll have to restart my localhost server each time I switch projects.


Not a show stopper, but definitely something I'd appreciate you considering.


If you'd like, it might even be a sandbox option that defaults to require https on the web server, that can be turned off. So that most cases it'll be like it currently is, but for advanced users, such as in my case, I could turn it off. Since I've got it set up on all my production servers, and I know what I'm doing.


Thanks for your help. Case closed.

Posts: 281
Topics: 5
Kudos: 20
Blog Posts: 5
Ideas: 0
Solutions: 19
Registered: ‎11-09-2011

Re: Is SSL required for localhost development and testing?

@dustin1 Sorry if I engendered any confusion in this discussion. I did get a bit more detail, however.

The Javascript we provide includes the window.location.protocol property, which tells us if the page evoking the script is using HTTP or HTTPS. And we do require HTTPS for that property.

I also confirmed that we have a feature request to allow HTTP for window.location.protocol, if window.location.hostname equals "localhost". So hopefully this option will be available in the near future.

Since you do (after all) need HTTPS on your test server, is a possible option for you, so you don't have to spend extra money on a certificate for that server?

Posts: 12
Registered: ‎12-08-2016

Re: Is SSL required for localhost development and testing?

Thanks for the extra info.


LetsEncrypt does work for testing locally for SSL, but you can also create a self-signed cert for localhost testing.


I'd recommend LetsEncrypt more so for production servers since those are actual valid domain certificates.