Feature Request: One-Click SSL Certificate Installation #9
Description
Feature Request: One-Click SSL Certificate Installation
Problem
When connecting to BSV Desktop via HTTPS (https://localhost:2121), users encounter SSL certificate errors because the self-signed certificate is not trusted by their system by default.
Current user experience:
- User starts BSV Desktop
- Web application tries to connect to
https://localhost:2121 - Browser shows SSL error (ERR_CERT_AUTHORITY_INVALID)
- User must manually download and install the certificate
- Process differs per platform (macOS/Windows/Linux)
- Many users don't know how to install certificates
This creates a significant barrier to adoption and generates support requests.
Proposed Solution
Add a built-in certificate installer to BSV Desktop that automates the trust process.
Implementation Options
Option 1: First-Run Setup Wizard
When BSV Desktop starts for the first time, show a setup wizard:
┌─────────────────────────────────────────┐
│ BSV Desktop Setup │
├─────────────────────────────────────────┤
│ │
│ Step 1: Install SSL Certificate │
│ │
│ To enable secure HTTPS connections, │
│ BSV Desktop needs to install a │
│ certificate to your system keychain. │
│ │
│ This requires administrator access. │
│ │
│ [Install Certificate] [Skip] │
│ │
└─────────────────────────────────────────┘
After clicking "Install Certificate":
- macOS: Execute
security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain-db cert.pem - Windows: Execute
certutil -addstore -f "ROOT" cert.pem - Linux: Copy to
/usr/local/share/ca-certificates/and runupdate-ca-certificates
Option 2: Certificate Installation Endpoint
Add a new endpoint to BSV Desktop:
GET /install-certificate
Returns platform-specific installation instructions and downloadable installers:
{
"platform": "macos",
"certificateUrl": "https://localhost:2121/certificate",
"installerUrl": "https://localhost:2121/install-certificate/installer.command",
"instructions": [
"Download the certificate",
"Run the installer script",
"Enter your password when prompted",
"Restart your browser"
]
}Downloadable installers:
macOS (.command file):
#!/bin/bash
echo "🔐 Installing BSV Desktop Certificate..."
curl -k -o /tmp/bsv-desktop.pem https://localhost:2121/certificate
security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain-db /tmp/bsv-desktop.pem
echo "✅ Certificate installed! Please restart your browser."Windows (.bat file):
@echo off
echo Installing BSV Desktop Certificate...
curl -k -o %TEMP%\bsv-desktop.pem https://localhost:2121/certificate
certutil -addstore -f "ROOT" %TEMP%\bsv-desktop.pem
echo Certificate installed! Please restart your browser.
pauseLinux (.sh file):
#!/bin/bash
echo "🔐 Installing BSV Desktop Certificate..."
curl -k -o /tmp/bsv-desktop.pem https://localhost:2121/certificate
sudo cp /tmp/bsv-desktop.pem /usr/local/share/ca-certificates/bsv-desktop.crt
sudo update-ca-certificates
echo "✅ Certificate installed! Please restart your browser."Option 3: Certificate Trust Status Indicator
Add a visual indicator in BSV Desktop's UI:
┌─────────────────────────────────────────┐
│ BSV Desktop │
├─────────────────────────────────────────┤
│ │
│ ⚠️ Certificate Not Trusted │
│ │
│ Web applications can't connect │
│ securely until you trust the │
│ certificate. │
│ │
│ [Install Certificate Now] │
│ │
└─────────────────────────────────────────┘
Add an endpoint to check certificate trust status:
GET /certificate-status
{
"trusted": false,
"platform": "macos",
"installationRequired": true,
"quickInstallUrl": "https://localhost:2121/install-certificate/auto"
}Benefits
For Users
- ✅ One-click installation instead of complex manual steps
- ✅ Platform-specific guidance (no need to figure out OS differences)
- ✅ Faster onboarding (minutes instead of hours)
- ✅ Fewer errors (automated process is less error-prone)
For Developers
- ✅ Fewer support requests about SSL errors
- ✅ Better adoption (lower barrier to entry)
- ✅ Professional UX (matches expectations from other wallet software)
For the Ecosystem
- ✅ More BSV Desktop users (easier setup = more adoption)
- ✅ Better developer experience when building BSV apps
- ✅ Standardized installation across platforms
Technical Considerations
Security
- ✅ Self-signed certificates are the correct approach for localhost
- No CA will issue certificates for localhost (security policy)
- Self-signed certs are standard practice (Docker, Kubernetes, etc.)
- ✅ User maintains full control (can revoke trust anytime)
- ✅ Certificate only valid for localhost (no external attack surface)
Platform Support
- ✅ macOS:
securitycommand (built-in) - ✅ Windows:
certutilcommand (built-in) - ✅ Linux:
update-ca-certificates(standard on most distros)
Compatibility
- ✅ Works with all major browsers (Chrome, Firefox, Safari, Edge)
- ✅ No changes to BSV Desktop's core architecture needed
- ✅ Backwards compatible (users can still install manually)
Alternative Approaches Considered
❌ CA-Signed Certificate for Localhost
Not possible: No Certificate Authority will issue certificates for localhost due to CA/Browser Forum Baseline Requirements. This is a security policy to prevent global MITM attacks.
❌ Browser Extension
Major architectural change: Would require rebuilding BSV Desktop as a browser extension, losing the benefits of a native application.
❌ Public Domain with Reverse Proxy
Security risk: Would route private keys over the internet, violating core security principles of local-first wallet design.
Implementation Priorities
Phase 1 (Quick Win)
- Add
/install-certificateendpoint with platform-specific installer scripts - Improve documentation with step-by-step guides per platform
Phase 2 (Better UX)
- Add first-run setup wizard with certificate installation
- Add certificate trust status indicator in UI
- Add
/certificate-statusendpoint
Phase 3 (Advanced)
- Auto-detect if certificate is already trusted (skip wizard)
- Add "Repair Certificate" option if trust is broken
- Add telemetry to track installation success rate
Example Implementation
I've built a proof-of-concept client-side certificate installer while developing my BSV applications. This demonstrates the approach works well:
Features:
- ✅ Auto-detects SSL certificate errors
- ✅ Shows platform-specific installation instructions
- ✅ Provides downloadable certificate + installer scripts
- ✅ Tests connection after installation
- ✅ Works with all BSV Desktop ports (2121, 3321, 3322, 3301)
This validates that automated certificate installation significantly improves UX. (Feel free to check my profile if you're interested in the implementation details.)
Request
Please consider adding built-in certificate installation support to BSV Desktop. This would:
- ✅ Reduce friction for new users
- ✅ Decrease support burden
- ✅ Improve professional perception of BSV tooling
- ✅ Accelerate ecosystem growth
Happy to contribute code or documentation if helpful!
Additional Feature Request: Built-in Changelog/Release Notes Access
Context
As a developer actively building production BSV applications in parallel to BSV Desktop's development, I'm constantly working with the latest features and need to stay updated on changes in real-time.
Proposed Enhancement
Add a Changelog/Release Notes endpoint to BSV Desktop:
GET /changelog
{
"currentVersion": "1.2.3",
"latestVersion": "1.2.3",
"updateAvailable": false,
"changelog": [
{
"version": "1.2.3",
"releaseDate": "2025-10-18",
"changes": [
"Added certificate installation wizard",
"Fixed WebSocket reconnection issue",
"Improved error messages for authentication failures"
],
"breakingChanges": [],
"url": "https://github.com/bsv-blockchain/bsv-desktop/releases/tag/v1.2.3"
},
{
"version": "1.2.2",
"releaseDate": "2025-10-10",
"changes": [
"Performance improvements",
"Bug fixes"
],
"breakingChanges": [],
"url": "https://github.com/bsv-blockchain/bsv-desktop/releases/tag/v1.2.2"
}
]
}GET /changelog/latest - Returns only the latest release notes
GET /changelog/breaking-changes - Returns only versions with breaking changes
Benefits
For Developers:
- ✅ Quick access to release notes without leaving the development workflow
- ✅ API-first approach - can display changelog in web apps automatically
- ✅ Version checking - programmatically verify BSV Desktop version
- ✅ Breaking change detection - avoid compatibility issues
For BSV Desktop Team:
- ✅ Better communication of new features to developers
- ✅ Reduced support burden (developers see what changed)
- ✅ Faster adoption of new features
Use Cases
1. Version Compatibility Check:
const { currentVersion } = await fetch('https://localhost:2121/changelog').then(r => r.json());
if (compareVersions(currentVersion, '1.2.0') < 0) {
alert('Please update BSV Desktop to v1.2.0 or higher');
}2. Automatic Update Notifications:
const { updateAvailable, latestVersion } = await fetch('https://localhost:2121/changelog').then(r => r.json());
if (updateAvailable) {
showNotification(`BSV Desktop ${latestVersion} is available!`);
}3. In-App Changelog Display:
Show users what's new directly in the web application without redirecting to GitHub.
Implementation
Could be as simple as:
- BSV Desktop fetches https://api.github.com/repos/bsv-blockchain/bsv-desktop/releases on startup
- Caches the data locally
- Serves it via
/changelogendpoint - Updates cache every 24 hours
Real-World Context
As someone developing production BSV applications in parallel to BSV Desktop's ongoing development, having instant access to changelog would help:
- Know when new endpoints are available
- Detect breaking changes before they affect production
- Update documentation immediately
- Test new features as soon as they're released
- Coordinate development cycles (my apps + BSV Desktop releases)
This would significantly improve the developer experience when building on BSV Desktop, especially for early adopters who develop alongside the project!
Related Issues
- [Link to any related GitHub issues if they exist]
Additional Context
Current workarounds:
- Manual installation instructions (complex, platform-specific)
- Client-side installers (like mine) - work but require user action
- Users accepting certificate warnings (insecure, not recommended)
Best practice examples:
- Docker Desktop (auto-installs certificate on first run)
- mkcert (developer tool for local HTTPS)
- Kubernetes/minikube (includes certificate setup in installation)
Thank you for considering this feature request! 🙏
BSV Desktop is an excellent tool, and automated certificate installation would make it even better.
