Quickly Generate Trusted Local SSL/TLS Certificates with mkcert – Installation, Usage, and Nginx Configuration

In local development environments, configuring HTTPS has long been a pain point due to the manual creation of SSL certificates and trust stores. The article introduces mkcert , a free open‑source utility that automates the generation and installation of locally trusted certificates across Linux, macOS, and Windows.

What is mkcert?

Developed by Filippo Valsorda, mkcert creates trusted local SSL/TLS certificates with a single command, simplifying HTTPS setup for developers.

Open‑source Achievements

mkcert has earned 49.2K stars on GitHub, making it a popular choice for both novice web developers and seasoned backend engineers.

Main Features

1. Zero configuration, saves time

After installing mkcert, a few simple steps generate and trust a local certificate without the hassle of manual configuration.

2. Supports multiple domains and IP addresses

It can generate certificates for localhost, custom domains, and specific IP addresses, covering diverse testing scenarios.

3. Cross‑platform support

mkcert runs on Linux, macOS, and Windows, ensuring seamless usage across environments.

4. Advanced capabilities

Beyond basic SSL, mkcert can produce client authentication certificates, ECDSA keys, PKCS#12 files, and more for complex security needs.

Installation and Usage Tutorial

1. Install mkcert

Download the pre‑compiled binary for your OS from the mkcert GitHub page.

Run the following command to install the local CA:

mkcert -install

On macOS you can also use Homebrew:

brew install mkcert
brew install nss  # if you use Firefox

2. Generate a certificate

To create a certificate for a project, execute:

mkcert example.com localhost 127.0.0.1

This generates two files: example.com+1.pem (certificate) and example.com+1-key.pem (private key).

3. Configure Nginx

Place the generated files in your server and update the Nginx configuration as follows:

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /path/to/example.com+1.pem;  # certificate path
    ssl_certificate_key /path/to/example.com+1-key.pem;  # private key path

    # other configuration...
}

Reload Nginx to enable HTTPS access to the local site.

Summary

mkcert simplifies SSL certificate generation and management, greatly improving developer efficiency when testing HTTPS locally while maintaining security.

Promotional Section – AI Club & DeepSeek Resources

The author also advertises a paid AI community offering DeepSeek scenario collections, exclusive ChatGPT accounts, tutorials, and various bonuses. Prices, early‑bird discounts, and membership benefits are detailed, encouraging readers to join the community for AI‑related learning and side‑project opportunities.

Additional links promote other open‑source projects, interview question collections, and paid services.