BestHub
Sign in
Information Security 5 min read

Why mkcert Is the Easiest Way to Generate Trusted Local SSL Certificates

mkcert, an open‑source tool by Filippo Valsorda, lets developers quickly create and trust local SSL/TLS certificates across Linux, macOS, and Windows without manual configuration, offering zero‑setup installation, multi‑domain support, advanced features, and simple Nginx integration for secure local testing.

Liangxu Linux
Liangxu Linux
Liangxu Linux
Why mkcert Is the Easiest Way to Generate Trusted Local SSL Certificates

What Is mkcert?

mkcert is a free, open‑source utility created by Filippo Valsorda that generates locally trusted SSL/TLS certificates. By running a single command, it automatically creates and installs a local Certificate Authority (CA) so that the certificates it produces are trusted by the operating system.

Open‑Source Success

Since its release, mkcert has attracted over 49 K stars on GitHub, making it a popular choice for developers who need quick, reliable HTTPS support in local environments.

Key Features

Zero‑configuration : After installing mkcert, a few simple commands generate trusted certificates without manual CA setup.

Multiple domains and IPs : Supports localhost, custom domains, and specific IP addresses in a single certificate.

Cross‑platform : Works on Linux, macOS, and Windows.

Advanced options : Can produce client authentication certificates, ECDSA keys, PKCS#12 bundles, and more.

Installation Guide

1. Install mkcert

Download the pre‑compiled binary for your OS from the mkcert GitHub releases page, or use a package manager: brew install mkcert For Firefox users on macOS, also install nss:

# if you use Firefox
brew install nss

Run the following command to add the local CA to the system trust store:

mkcert -install

2. Generate a Certificate

Use mkcert to create a certificate for one or more hostnames/IPs: mkcert example.com localhost 127.0.0.1 This command produces two files in the current directory: example.com+1.pem – the certificate example.com+1-key.pem – the private key

3. Configure Nginx

Place the generated files where Nginx can read them and add them to a server block:

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /path/to/example.com+1.pem;  # certificate file
    ssl_certificate_key /path/to/example.com+1-key.pem;  # private key file
    # other configuration …
}

Reload or restart Nginx, and the site will be reachable via HTTPS with a trusted certificate.

Conclusion

mkcert removes the friction of creating and trusting SSL certificates for local development, dramatically speeding up HTTPS testing while maintaining security. Its simplicity, cross‑platform support, and powerful features make it an essential tool for any developer working with secure local services.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

NginxCertificateHTTPSSSLopen-sourceLocal Developmentmkcert
Liangxu Linux
Written by

Liangxu Linux

Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment