mkcert | A simple zero-config tool to make locally trusted development certificates with any names you'd like | TLS library

 by   FiloSottile Go Version: v1.4.4 License: BSD-3-Clause

kandi X-RAY | mkcert Summary

kandi X-RAY | mkcert Summary

mkcert is a Go library typically used in Security, TLS, Docker applications. mkcert has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration. Using certificates from real certificate authorities (CAs) for development can be dangerous or impossible (for hosts like example.test, localhost or, but self-signed certificates cause trust errors. Managing your own CA is the best solution, but usually involves arcane commands, specialized knowledge and manual steps. mkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates. mkcert does not automatically configure servers to use the certificates, though, that's up to you.

            kandi-support Support

              mkcert has a medium active ecosystem.
              It has 41304 star(s) with 2140 fork(s). There are 459 watchers for this library.
              It had no major release in the last 12 months.
              There are 91 open issues and 228 have been closed. On average issues are closed in 104 days. There are 28 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of mkcert is v1.4.4

            kandi-Quality Quality

              mkcert has 0 bugs and 0 code smells.

            kandi-Security Security

              mkcert has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              mkcert code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              mkcert is licensed under the BSD-3-Clause License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              mkcert releases are available to install and integrate.
              Installation instructions, examples and code snippets are available.
              It has 1209 lines of code, 46 functions and 8 files.
              It has high code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of mkcert
            Get all kandi verified functions for this library.

            mkcert Key Features

            No Key Features are available at this moment for mkcert.

            mkcert Examples and Code Snippets

            No Code Snippets are available at this moment for mkcert.

            Community Discussions


            Using a custom HTTPS cert in Nuxt (but only for dev mode)?
            Asked 2022-Apr-17 at 04:39

            I am using a dependency that requires me to have HTTPS on localhost. I've used the following code in nuxt.config.js to accomplish that:



            Answered 2022-Apr-16 at 21:59

            I've used that in the past



            volume already exists but was not created by Docker Compose
            Asked 2022-Mar-12 at 00:02

            This is what i get after i use ddev start on new or any other projects. I clear all docker images, volumes, etc... and problem repeats again...

            Does anybody has the same problem, does it have any connection with versions:

            • Docker version 20.10.11
            • Docker Compose version 2.2.0
            • ddev version v1.18.0


            Answered 2022-Mar-12 at 00:02

            This is worked around in DDEV v1.18.2+ (and v1.19+), please upgrade. It was a bug in docker-compose 2.2.0+ - please see for context.



            Is it fine to use the same mkcert certificate for both your frontend and backend?
            Asked 2022-Mar-07 at 08:09

            I'm developing a webapp that uses vite on the frontend for my local testing environment and also a separate API backend.

            I used mkcert to generate a local dev certificate and am using that one for the backend.

            My question is, for my frontend dev environment I also can use a certificate, as shown here in the vite config:



            Answered 2022-Mar-07 at 08:09

            Short answer: Yes you can


            The certificate doesn't make difference of "frontend" or "backend" things.

            It "take" only the FQDN given on creation and generally a certificate is valid for use on a single fully qualified domain name (FQDN), but it's out of scope of this question.

            What I mean is, if you create a certificate for only and you try to load it from, you will see the certificate as invalid.

            In your case, as you created the certificate for both local network IP and the public IP, then whatever you load the cert from localhost or, the certificate is valid.



            Errors "incomplete class type 'evp_pkey_st' is not allowed" and "'CRYPTO_mem_leaks' is undefined" on OpenSSL
            Asked 2022-Mar-01 at 17:10

            I'm currently trying to programmatically create public/private key pairs with the OpenSSL (version 1.1.1) library but I cannot compile my program because I'm getting the following errors:

            pointer to incomplete class type "evp_pkey_st" is not allowed

            identifier "CRYPTO_mem_leaks" is undefined

            I know OpenSSL is installed and is being recognized because I have included various OpenSSL header files without issue. The only include giving me a problem is openssl/evp.h which VSCode is telling me cannot be found. Does anyone know how to fix these issues? Thanks.



            Answered 2022-Mar-01 at 17:10

            In comments, you say you are compiling for OpenSSL 1.1.1.

            Direct access to OpenSSL struct members, such as in pkey->pkey.rsa, is no longer possible in OpenSSL 1.1.x onward, as OpenSSL has moved away from using typed struct pointers and now uses opaque pointers instead. The reason is so that OpenSSL structs can now change layout between versions without breaking code, something that wasn't really possible before 1.1.0.

            Per OpenSSL's wiki: OpenSSL 1.1.0 Changes

            All structures in libssl public header files have been removed so that they are "opaque" to library users. You should use the provided accessor functions instead

            As such, you now have to use individual getter/setter functions for each member. In this case, I think it is EVP_PKEY_get1_RSA(), eg:



            Expressjs app - HTTPS shows directory listing instead of site
            Asked 2021-Sep-10 at 06:57

            I have an app currently in development. All works well on my local machine but on my live server I am getting an issue I can't solve between the http and https versions of the site. Anyone know why I am getting a difference between the display of these two domains?



            I have installed the SSL certificate on the server but have been stuck for days trying to figure out what is happening here.

            Here is what my www file looks like:



            Answered 2021-Sep-10 at 06:57

            After lots of debugging I found what was causing this issue. This was caused by Phusion Passengers instantiation of the application.

            It simply uses two different paths when initializing the app. One for http and one for https.

            The standard path it uses for http config is:


            Not sure why but Phusion Passenger does not automatically create the correct path for SSL when you register your application in cpanel, meaning it can not find a path for https application config.

            I had to manually create the folders and then copy the config file from the above path to it. It looks like this:


            If you update one config file you need to update the other as they should be identical.

            The command line from the [cpanel documentation][1] did not work for me because the folders did not exist and were not automatically created when the app was registered.

            The command line I'm referring to from the above documentation is:



            Android Firefox constantly prompting to Accept Risk for mkcert-created SSL certificate
            Asked 2021-Jul-21 at 05:28

            In my dev laptop I installed an SSL cert using mkcert. Works fine in all desktop browsers. They don't even prompt to accept the "risk" and continue. But in my Android phone on the same LAN (with the dev subdomain in dns) I get that prompt from both Chrome and Firefox. That would be acceptable, except Firefox prompts pretty much every time I return focus to the app. It gets annoying having to click two extra buttons (Advanced then Accept Risk and Continue) for every code change that needs to be tested in all browsers.

            Is there any way to make Android Firefox permanently accept the cert or any other solution?



            Answered 2021-Jul-21 at 05:28

            Took a while, but I figured it out!

            First transfer copy of the rootCA.pem cert file from laptop to phone.

            File location found via CLI: mkcert -CAROOT

            Then install the cert file in Android settings, the location of which varies per device and Android version.

            In my phone it was in: Android Settings / General / Lock screen & security / Encryption & credentials / Install from storage

            You might have to restart the phone. Also might have to click TRUST on the cert in Android settings.

            Then enable Firefox secret settings by clicking multiple times on the Firefox logo in the About page, then in secret settings enable "Use third party CA certificates".




            How to setup local environment to run on https
            Asked 2021-Jun-23 at 11:11

            I am trying to run my React application via https local. I have followed the steps of this tutorial, have installed mkcert correctly and the root of my project currently looks like this:



            Answered 2021-Jun-23 at 11:11

            The solution was to amend my package.json file to look like this:



            ERR_SSL_PROTOCOL_ERROR when accessing webpack DevServer sub-URLs from a different machine
            Asked 2021-Jun-08 at 10:57

            I'm trying to access my web application served using the webpack DevServer from a virtual machine, but I'm able to connect through HTTPS only to the main URL - all sub-URLs fail with ERR_SSL_PROTOCOL_ERROR error.

            Here is my setup:

            I'm running webpack DevServer on a host machine with macOS. My virtual machine is running Windows 10 (VMware Fusion in bridged network mode). Webpack DevServer uses custom self-signed SSL certificates (generated using the mkcert tool).

            Here is my DevServer configuration (@angular-builders/custom-webpack:dev-server):



            Answered 2021-Jun-08 at 10:57

            The issue was caused by the latest version of Cisco AnyConnect Secure Mobility Client (4.10) installed on the host computer. After downgrading Cisco AnyConnect software to version 4.9 everything works as expected.



            After renaming my mac homefolder, I'm getting the follow error when trying to run: ddev start
            Asked 2021-May-19 at 23:00

            I had a requirement to rename my mac homefolder, however now when I try to run: ddev start I'm getting the following error (which is pointing to the older homefolder name gregmercer):



            Answered 2021-May-19 at 23:00

            Your mkcert CA has been orphaned.

            Please try mkcert -uninstall and then mkcert -install

            Then edit or remove the existing mkcert_caroot in your ~/.ddev/global_config.yaml



            DDEV prerelease on Mac M1 with docker tech preview doesn't work - docker broken
            Asked 2021-Apr-14 at 01:58

            I've been using DDEV for around 2 weeks with no issues using custom local domain names which was all working nicely until yesterday where one of my projects crashed.

            Upon restarting DDEV, when trying to go to any custom local domain e.g, it results in a 500 nginx error.

            If I go to ip address My browser auto resolved to http:// and I get:



            Answered 2021-Apr-14 at 01:58

            Edit 2021-04-13: The current Docker Desktop Tech Preview for Apple M1 (RC3) works fine with ddev.


            Community Discussions, Code Snippets contain sources that include Stack Exchange Network


            No vulnerabilities reported

            Install mkcert

            Warning: the rootCA-key.pem file that mkcert automatically generates gives complete power to intercept secure requests from your machine. Do not share it.


            mkcert supports the following root stores:. To only install the local root CA into a subset of them, you can set the TRUST_STORES environment variable to a comma-separated list. Options are: "system", "java" and "nss" (includes Firefox).
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries

            Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular TLS Libraries


            by FiloSottile


            by 2dust


            by acmesh-official


            by digitalocean


            by 233boy

            Try Top Libraries by FiloSottile


            by FiloSottileGo


            by FiloSottileGo


            by FiloSottileGo


            by FiloSottileGo


            by FiloSottileGo