TL;DR — Quick Summary
mkcert creates locally-trusted HTTPS certificates with zero configuration. Develop with HTTPS on localhost — no more browser security warnings.
mkcert makes HTTPS in local development trivial. One command installs a local CA, another generates trusted certificates. No more self-signed certificate warnings, no more clicking through browser security prompts.
Installation
# macOS
brew install mkcert
brew install nss # For Firefox support
# Arch Linux
sudo pacman -S mkcert
# Windows
choco install mkcert
# Install the local CA (one-time setup)
mkcert -installGenerate Certificates
# For localhost
mkcert localhost 127.0.0.1 ::1
# Creates: localhost+2.pem and localhost+2-key.pem
# For custom domains
mkcert myapp.local "*.myapp.local"
# Creates: myapp.local+1.pem and myapp.local+1-key.pem
# Wildcard
mkcert "*.local.dev"Usage with Dev Servers
Node.js
const https = require('https');
const fs = require('fs');
https.createServer({
cert: fs.readFileSync('./localhost+2.pem'),
key: fs.readFileSync('./localhost+2-key.pem')
}, app).listen(3000);Vite
// vite.config.js
import fs from 'fs';
export default {
server: {
https: {
cert: fs.readFileSync('./localhost+2.pem'),
key: fs.readFileSync('./localhost+2-key.pem')
}
}
}Nginx
server {
listen 443 ssl;
ssl_certificate /path/to/localhost+2.pem;
ssl_certificate_key /path/to/localhost+2-key.pem;
}Security Notes
# Find where the CA is stored
mkcert -CAROOT
# Output: /Users/you/Library/Application Support/mkcert
# NEVER share the rootCA-key.pem file
# NEVER use mkcert certificates in production
# The CA is only trusted on YOUR machineSummary
- mkcert creates locally-trusted HTTPS certificates in seconds
- One-time CA installation, then generate certs for any local domain
- Works with Node.js, Vite, Nginx, Apache, Go, Python, and any PEM-compatible server
- Eliminates browser security warnings for local development
- Safe: CA is local-only, never share the root key