Daily Tech News, Interviews, Reviews and Updates

Generate Locally-Trusted SSL Certificates With mkcert: Here’s How

mkcert is said to be a simple tool for generating locally-trusted development certificates and does not require any configuration. While using certificates from CAs (real certificate authorities) is considered dangerous for development, or may be impossible for host such as ‘example.test’, ‘localhost’, and ‘127.0.0.1’, and also while trust errors may occur when relying on self-signed certificates, managing own CA is believed to be the best solution there is. However, specialized knowledge, arcane commands, and manual steps are involved.

mkcert can be used to automatically create and install a local CA in the root store of the system, and it also generates locally-trusted certificates too. This article will take you through how mkcert will be able to generate locally-trusted SSL certificates.

Locally-Trusted SSL Certificates With mkcert

Speaking of the installation, on macOS – ‘Homebrew’ and ‘MacPorts’ can be used; on Linux – first install ‘certutil’ and then use ‘Homebrew’ or build from source (Go 1.13+ required) or use pre-built binaries (on Arch Linux, mkcert is available in the Arch Linux repository); and on Windows – use ‘Chocolatey’ or use ‘Scoop’, or use pre-built binaries, or build from source (Go 1.10+ required). To add, if users are running into permission problems, it is recommended to run mkcert as an administrator.

About the supported root stores, mkcert supports macOS system store, Windows system store, Linux variants providing ‘update-ca-trust’ (Fedora, RHEL, CentOS)/ ‘update-ca-certificates’ (Ubuntu, Debian, OpenSUSE, SLES)/ ‘trust’ (Arch), Firefox (only macOS & Linux), Chrome & Chromium, and Java (when JAVA_HOME is being set).

To note, rootCA-key.pem that mkcert generates automatically should never be exported or shared, as it gives the complete power to intercept all secure requests from the machine, and can be misused.

Source 1
Via 1

Get real time updates directly on you device, subscribe now.



You might also like