mkcert
Creates locally-trusted development certificates by managing a local CA for HTTPS testing
mkcert generates locally-trusted TLS certificates for development environments without configuration. It automatically creates and installs a local Certificate Authority (CA) in the system trust store, then issues certificates that browsers and applications accept without security warnings. The tool supports multiple names per certificate, including domains, subdomains, IP addresses, and email addresses for S/MIME certificates.
The tool integrates with multiple trust stores across platforms, including macOS and Windows system stores, Linux variants using update-ca-trust or update-ca-certificates, Firefox, Chrome/Chromium, and Java when JAVA_HOME is set. It generates standard PEM files by default but can output PKCS #12 files for legacy applications and supports both RSA and ECDSA key generation.
mkcert addresses the common development problem where real CAs cannot issue certificates for localhost or internal domains, while self-signed certificates trigger browser warnings. It eliminates the complexity of manual CA management while maintaining security through automated local CA installation. The tool is designed specifically for development use and includes safety warnings about protecting the root CA key file.
Installation
# via Homebrew
brew install mkcert
# via Chocolatey
choco install mkcert
# via Arch Linux
sudo pacman -Syu mkcert
