explaingit

filosottile/mkcert

Analysis updated 2026-06-20

58,786GoAudience · developerComplexity · 1/5Setup · easy

TLDR

mkcert creates trusted HTTPS certificates for your local development machine in two commands, so browsers stop showing security warnings when you test websites on localhost.

Mindmap

mindmap
  root((mkcert))
    What it does
      Creates local CA
      Generates trusted certs
      Eliminates browser warnings
    Tech stack
      Go binary
      Single executable
    Use cases
      Local dev HTTPS
      Wildcard certs
      Multiple domains
    Setup
      Two commands total
      macOS Linux Windows
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Set up trusted HTTPS for localhost so Chrome and Firefox stop showing certificate warnings during development.

USE CASE 2

Generate a single certificate file covering multiple local domains and wildcard addresses.

USE CASE 3

Test secure cookies, mixed-content restrictions, and HTTPS-only browser APIs locally without a real domain.

USE CASE 4

Create a trusted cert for a custom dev domain like myapp.test without any browser complaints.

What is it built with?

Go

How does it compare?

filosottile/mkcertusememos/memospocketbase/pocketbase
Stars58,78659,40058,165
LanguageGoGoGo
Setup difficultyeasyeasyeasy
Complexity1/52/52/5
Audiencedevelopergeneralvibe coder

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

In plain English

mkcert is a small command-line tool that generates HTTPS certificates that your browser will trust on your local development computer. The problem it solves is a common frustration for web developers: when you run a website on your own machine for testing, your browser displays scary security warnings because the site uses HTTPS but there is no trusted certificate authority vouching for it. Using real certificates from official certificate authorities is not possible for local addresses like localhost or made-up development domains, and self-signed certificates cause browsers to complain. mkcert eliminates this friction entirely. The way it works is that it creates a local certificate authority on your machine, which acts as a private trusted root for your computer only. It then registers that authority with your operating system's trust store, and optionally with Firefox and the Java runtime. Once that is done, you run mkcert with the domain names you want and it generates certificate files that your browser accepts without warnings, because your local certificate authority signed them. The whole setup takes two commands. The tool supports macOS, Linux, and Windows, and can generate certificates for multiple domains, wildcard domains like star.example.com, localhost, and IP addresses in a single certificate file. It is written in Go, which means it compiles to a single self-contained binary. An important caveat noted in the README is that the private key file mkcert generates should never be shared, as it would allow anyone who has it to create fake trusted certificates on your machine. You would use mkcert whenever you need to test HTTPS-required browser features, secure cookies, or mixed-content restrictions locally without fighting certificate errors.

Copy-paste prompts

Prompt 1
I ran mkcert -install and mkcert localhost. Show me how to configure my Node.js Express dev server to use the generated .pem files.
Prompt 2
Show me how to use mkcert to generate one certificate that covers localhost, 127.0.0.1, and myapp.test at the same time.
Prompt 3
Write an nginx.conf snippet for a local dev site that uses the cert and key files produced by mkcert.
Prompt 4
How do I make a Docker container trust the local mkcert certificate authority so HTTPS works inside the container?

Frequently asked questions

What is mkcert?

mkcert creates trusted HTTPS certificates for your local development machine in two commands, so browsers stop showing security warnings when you test websites on localhost.

What language is mkcert written in?

Mainly Go. The stack also includes Go.

How hard is mkcert to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is mkcert for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub filosottile on gitmyhub

Verify against the repo before relying on details.