mkcert
Generate locally-trusted development certificates with automatic CA management for HTTPS testing
mkcert is a certificate generation tool that creates locally-trusted TLS certificates for development environments. It automatically creates and installs a local Certificate Authority (CA) in the system trust store, then generates certificates that browsers and applications will trust without security warnings. The tool eliminates the common development problem of self-signed certificate trust errors while avoiding the complexity of managing production CAs for local development.
The tool supports multiple certificate formats including standard PEM files, PKCS#12 (.p12/.pfx) for legacy applications, and S/MIME certificates for email addresses. It can generate certificates for multiple domains, IP addresses, and wildcards in a single command, with support for both RSA and ECDSA keys. Advanced features include client authentication certificates and CSR-based certificate generation.
mkcert integrates with major trust stores across platforms including macOS/Windows system stores, Linux certificate management tools (update-ca-trust, update-ca-certificates), Firefox NSS, Chrome/Chromium, and Java keystores when JAVA_HOME is set. Mobile device support requires manual CA installation, and Node.js requires setting the NODE_EXTRA_CA_CERTS environment variable to recognize the certificates.
Developers working on HTTPS-enabled applications, API testing, or any local development requiring trusted certificates would use this tool. It's particularly valuable for testing scenarios involving localhost, custom domains, or IP addresses that cannot obtain certificates from public CAs.
Installation
# via Homebrew
brew install mkcert
# via Chocolatey
choco install mkcert
# via Scoop
scoop bucket add extras && scoop install mkcert
