I think your local hostname is a little more creative than mine which is MacBook-Pro.local. My Use dynamic global hostname is off. In creating the certificate from the authority do I leave the IPAddress: as 127.0.0.1 or use the ip on my LAN? I left it as 127.0.0.1 as neither the documentation or your response said I should change it to 10.0.0.5. I got an error running this: openssl pkcs12 -in certificate.p12 -out server.key -nodes Here is the error: Error outputting keys and certificates 40E24F0202000000:error:0308010C:digital envelope > routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties () However, I am using this on Kestrel which seems to take the p12 or pfx. I am getting this error: Connection 4: default TLS Trust evaluation failed(-9813) Connection 4: TLS Trust encountered error 3:-9813 Connection 4: encountered error(3:-9813) Task .<2> HTTP load failed, 0/0 bytes (error code: -1202 [3:-9813]) Task .<2> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “macbook-pro.local” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x105160a00) s: MacBook-Pro.local i: XXXXXXXXXXX Dev CA>", "<cert(0x105150400) s: XXXXXXXXXX Dev CA i: XXXXXXXXXX Dev CA>" ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://macbook-pro.local:5001/api/TestAPI, NSErrorFailingURLStringKey=https://macbook-pro.local:5001/api/TestAPI, NSUnderlyingError=0x302a09620 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x30141fa20>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=( "<cert(0x105160a00) s: MacBook-Pro.local i: XXXXXXXXXX Dev CA>", "<cert(0x105150400) s: XXXXXXXXXX Dev CA i: XXXXXXXXXX Dev CA>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask .<2>" ), _kCFStreamErrorCodeKey=-9813, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask .<2>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x30141fa20>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “macbook-pro.local” which could put your confidential information at risk.}

If I'm trying to connect to a service running on my local MacBook on my local LAN and I have an iPhone connected to my MacBook, how do I reference the API services on my MacBook without using the IP? Can I use the IP or is it just bad practice? If I can, do I need to configure the CA or exported .p12 in some specific way to allow it? Otherwise, is there a way to call the connected MacBook with something other than the IP from the USB connected phone?

I read through the thread but it was hard to follow. I did go to the website referenced, which was very helpful (https://blog.arrogantrabbit.com/ssl/Root-CA-macOS/) but also needed to know how to deal with a wired iPhone vs a simulator or web page as I think Subject Alternate Name Extension becomes a factor and for that step in the CA creation it states: Unchecked, Unless you have good reason to provide alternate names Which this might be. Do you know? Would I use the Mac's local DNS name for this?