mkcert: Zero-Config Local SSL Certificates for Developers
Ever hit that annoying "Your connection is not private" warning while testing HTTPS locally? Or wasted hours configuring self-signed certs that browsers still don’t trust? Enter mkcert—a dead-simple tool that generates locally trusted SSL certificates with zero configuration.
Created by Filippo Valsorda (of age and step-ca fame), mkcert automates the pain away by handling CA creation, system trust stores, and cross-browser compatibility. No more openssl incantations or security warnings—just valid HTTPS for localhost, *.test domains, or any name you need.
What It Does
mkcert creates:
- A local Certificate Authority (CA) (installed in your system/browser trust stores).
- Development certificates signed by that CA, valid for custom domains/IPs like
myapp.testor127.0.0.1.
Unlike self-signed certs, these are automatically trusted by browsers and tools (Chrome, Firefox, Java, Node.js, etc.), so you get green padlocks everywhere.
Why It’s Cool
- No config: Run
mkcert -install, then generate certs with any names. Done. - Cross-platform: Works on macOS, Linux, Windows, and even handles Firefox Snap packages.
- No more
https://errors: Perfect for local dev, Docker, or testing service workers. - Lightweight: Single binary, no daemons or dependencies.
How to Try It
- Install:
brew install mkcert # macOS/Linux # or: choco install mkcert (Windows) - Set up the CA:
mkcert -install - Generate certs:
This createsmkcert myapp.local localhost 127.0.0.1 ::1myapp.local.pemandmyapp.local-key.pem—drop them into your server config.
Final Thoughts
mkcert is one of those tools that feels like cheating. It replaces a tedious process (manual cert generation) with two commands, letting you focus on actual development. If you’ve ever fought with SSL locally, this is worth 60 seconds of setup.
For more, check out the GitHub repo or the project site.