Using mkcert to Quickly Generate Trusted Local SSL/TLS Certificates for Development

Configuring HTTPS in a local development environment has long been a pain point because creating SSL certificates and setting up trust stores manually is cumbersome and error‑prone.

mkcert, a free open‑source utility created by Filippo Valsorda, lets developers quickly generate locally trusted SSL/TLS certificates across multiple operating systems.

What is mkcert?

mkcert automatically creates and installs a local Certificate Authority (CA) and issues certificates that are trusted by the system, simplifying HTTPS setup for developers.

mkcert’s Open‑Source Achievements

With a simple and efficient design, mkcert has earned over 49.2K stars on GitHub, making it a popular choice for both newcomers and seasoned backend engineers.

Main Features

1. Zero configuration, saves time

After installing mkcert, a few commands generate and trust certificates without any manual configuration.

2. Supports multiple domains and IP addresses

It can create certificates for localhost, custom domains, and specific IP addresses, covering diverse testing scenarios.

3. Cross‑platform support

mkcert works on Linux, macOS, and Windows, ensuring seamless usage across environments.

4. Advanced capabilities

Beyond basic certificates, mkcert can generate client authentication certificates, ECDSA keys, PKCS#12 files, and more for complex use cases.

Installation and Usage Guide

1. Install mkcert

Download the pre‑compiled binary for your OS from the mkcert GitHub page.

mkcert -install

On macOS you can also use Homebrew:

brew install mkcert
brew install nss # if you use Firefox

This command installs a local CA certificate into the system trust store, so all certificates generated by mkcert are trusted.

2. Generate a certificate

Run the following command to create a certificate for your project:

mkcert example.com localhost 127.0.0.1

The command produces two files: example.com+1.pem (the certificate) and example.com+1-key.pem (the private key), which can be used in server configurations.

3. Configure Nginx

Place the generated files in your server and update the Nginx configuration as shown:

server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/example.com+1.pem;  # certificate path
ssl_certificate_key /path/to/example.com+1-key.pem;  # private key path
# other configurations...
}

After reloading Nginx, your local site will be accessible via HTTPS.

Conclusion

mkcert makes generating and managing SSL certificates straightforward, greatly improving efficiency for developers who need to test HTTPS locally while maintaining security.

Note: The article also contains promotional material for a ChatGPT community, private account services, and related offers, which are not part of the technical tutorial.