mkcert: Zero-Config Local HTTPS Certificates for Development

TL;DR — Quick Summary

mkcert creates locally-trusted HTTPS certificates with zero configuration. Develop with HTTPS on localhost — no more browser security warnings.

mkcert makes HTTPS in local development trivial. One command installs a local CA, another generates trusted certificates. No more self-signed certificate warnings, no more clicking through browser security prompts.

Installation

# macOS
brew install mkcert
brew install nss  # For Firefox support

# Arch Linux
sudo pacman -S mkcert

# Windows
choco install mkcert

# Install the local CA (one-time setup)
mkcert -install

Generate Certificates

# For localhost
mkcert localhost 127.0.0.1 ::1
# Creates: localhost+2.pem and localhost+2-key.pem

# For custom domains
mkcert myapp.local "*.myapp.local"
# Creates: myapp.local+1.pem and myapp.local+1-key.pem

# Wildcard
mkcert "*.local.dev"

Usage with Dev Servers

Node.js

const https = require('https');
const fs = require('fs');

https.createServer({
  cert: fs.readFileSync('./localhost+2.pem'),
  key: fs.readFileSync('./localhost+2-key.pem')
}, app).listen(3000);

Vite

// vite.config.js
import fs from 'fs';
export default {
  server: {
    https: {
      cert: fs.readFileSync('./localhost+2.pem'),
      key: fs.readFileSync('./localhost+2-key.pem')
    }
  }
}

Nginx

server {
    listen 443 ssl;
    ssl_certificate /path/to/localhost+2.pem;
    ssl_certificate_key /path/to/localhost+2-key.pem;
}

Security Notes

# Find where the CA is stored
mkcert -CAROOT
# Output: /Users/you/Library/Application Support/mkcert

# NEVER share the rootCA-key.pem file
# NEVER use mkcert certificates in production
# The CA is only trusted on YOUR machine

Summary

mkcert creates locally-trusted HTTPS certificates in seconds
One-time CA installation, then generate certs for any local domain
Works with Node.js, Vite, Nginx, Apache, Go, Python, and any PEM-compatible server
Eliminates browser security warnings for local development
Safe: CA is local-only, never share the root key

Guide & Instructions

Estimated Time: 5m

Tools Needed:

mkcert
Terminal

Install mkcert

Install with brew install mkcert (macOS), choco install mkcert (Windows), or from GitHub releases.

Install the local CA

Run mkcert -install to create and install a local Certificate Authority in your system trust store.

Generate certificates

Run mkcert localhost 127.0.0.1 ::1 to generate cert.pem and key.pem files trusted by your browser.

Use with your dev server

Configure your server to use the generated files. For Vite: server.https with cert and key paths.

Add custom domains

Run mkcert myapp.local api.myapp.local to generate certs for custom local domains.

Frequently Asked Questions

What is mkcert?

mkcert is a tool that creates locally-trusted development certificates. It installs a local Certificate Authority (CA) in your system trust store and generates certificates signed by that CA — so browsers trust them without warnings.

Why do I need HTTPS in local development?

Many web APIs require HTTPS: Service Workers, WebAuthn, Secure Cookies, HTTP/2, camera/microphone access, and some OAuth providers. mkcert lets you develop with HTTPS without dealing with certificate complexity.

Is mkcert safe to use?

Yes, the CA is installed only on your local machine. Never share the CA key (stored in mkcert -CAROOT). Generated certificates are for development only and shouldn't be used in production.

Does mkcert work with Node.js and other servers?

Yes, use the generated cert.pem and key.pem files with any server: Node.js, Python, Go, Nginx, Apache, Caddy, or any tool that accepts PEM certificate files.