The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let's Encrypt, development still mostly ends up happening over HTTP because no one can get an universally valid certificate for localhost.
This is a problem because more and more browser features are being made available only to secure origins, and testing with HTTP hides any mixed content issues that can break a production HTTPS website. Developing with HTTPS should be as easy as deploying with HTTPS.
That's what mkcert is for.
mkcert is a simple by design tool that hides all the arcane knowledge required to generate valid TLS certificates. It works for any hostname or IP, including localhost, because it only works for you.
Here's the twist: it doesn't generate self-signed certificates, but certificates signed by your own private CA, which your machine is automatically configured to trust when you run mkcert -install. So when your browser loads a certificate generated by your instance of mkcert, it will show up with a green lock!
Quickstart
1. Download mkcert at GitHub FiloSottile
2. Install mkcert
$ mkcert -install
Install the local CA in the system trust store.3.1 Create Certificate
$ mkcert example.org
Generate "example.org.pem" and "example.org-key.pem".$ mkcert example.com myapp.dev localhost 127.0.0.1 ::1
Generate "example.com+4.pem" and "example.com+4-key.pem".3.2 Create Wildcard Ceritificate
$ mkcert '*.example.com'
Generate "_wildcard.example.com.pem" and "_wildcard.example.com-key.pem".3.3 Create PKCS #12 Certificate (Advanced Options)
$ mkcert -pkcs12 example.com
Generate "example.com.p12" instead of a PEM file.4. Uninstall Certificate
$ mkcert -uninstall
Uninstall the local CA (but do not delete it).Reference:
- GitHub - FiloSottile/mkcert
- Filippo.io - Create Valid HTTPS Certificates for localhost
- ComputingForGeeks - Create Locally Trusted SSL with mkcert