BestHub
Sign in
Information Security 6 min read

How to Instantly Generate Trusted Local SSL Certificates with mkcert

This guide explains what mkcert is, its key features, and provides step‑by‑step instructions for installing the tool, generating trusted local SSL/TLS certificates for multiple domains and IPs, and configuring Nginx to enable HTTPS in a local development environment across Windows, macOS, and Linux.

Java Architect Essentials
Java Architect Essentials
Java Architect Essentials
How to Instantly Generate Trusted Local SSL Certificates with mkcert

What is mkcert?

mkcert, developed by Filippo Valsorda, is a free open‑source tool that generates locally trusted SSL/TLS certificates. It creates and installs a local CA with a single command, making HTTPS configuration in development environments effortless across Windows, macOS, and Linux.

mkcert’s Open‑Source Achievements

With a simple and efficient design, mkcert has earned 49.2 K stars on GitHub, becoming a popular choice for developers ranging from beginners to seasoned backend engineers.

Main Features of mkcert

1. Zero‑configuration, saves time

After installation, a few commands generate and trust a local certificate, eliminating the complex manual steps of traditional SSL creation.

2. Supports multiple domains and IP addresses

mkcert can issue certificates for localhost, custom domains, and specific IP addresses, covering diverse testing scenarios.

3. Cross‑platform support

It runs on Linux, macOS, and Windows, ensuring seamless usage across major operating systems.

4. Advanced capabilities

Beyond basic certificates, mkcert can produce client authentication certificates, ECDSA keys, PKCS#12 files, and more for complex security requirements.

Installation and Usage Guide

1. Install mkcert

Download the pre‑compiled binary for your OS from the mkcert GitHub releases page.

<code>mkcert -install</code>

On macOS you can also use Homebrew:

<code>brew install mkcert
brew install nss  # if you use Firefox</code>

This command adds a local CA to your system trust store, so any certificate generated by mkcert is trusted.

2. Generate a certificate

Run the following command to create a certificate for a domain, localhost, and an IP address:

<code>mkcert example.com localhost 127.0.0.1</code>

The command produces two files: example.com+1.pem (the certificate) and example.com+1-key.pem (the private key), which can be used in your server configuration.

3. Configure Nginx

Place the generated files in your server and update the Nginx configuration:

<code>server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /path/to/example.com+1.pem;  # certificate file
    ssl_certificate_key /path/to/example.com+1-key.pem;  # private key
    # other configuration...
}</code>

Reload or restart Nginx, and your local site will be accessible via HTTPS.

Conclusion

mkcert simplifies the creation and management of SSL certificates for local development, greatly improving efficiency and security for developers testing HTTPS.

NginxCertificateHTTPSSSLLocal Developmentmkcert
Java Architect Essentials
Written by

Java Architect Essentials

Committed to sharing quality articles and tutorials to help Java programmers progress from junior to mid-level to senior architect. We curate high-quality learning resources, interview questions, videos, and projects from across the internet to help you systematically improve your Java architecture skills. Follow and reply '1024' to get Java programming resources. Learn together, grow together.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment