filosottile/mkcert

mkcert is a small command-line tool that generates HTTPS certificates that your browser will trust on your local development computer. The problem it solves is a common frustration for web developers: when you run a website on your own machine for testing, your browser displays scary security warnings because the site uses HTTPS but there is no trusted certificate authority vouching for it. Using real certificates from official certificate authorities is not possible for local addresses like localhost or made-up development domains, and self-signed certificates cause browsers to complain. mkcert eliminates this friction entirely. The way it works is that it creates a local certificate authority on your machine, which acts as a private trusted root for your computer only. It then registers that authority with your operating system's trust store, and optionally with Firefox and the Java runtime. Once that is done, you run mkcert with the domain names you want and it generates certificate files that your browser accepts without warnings, because your local certificate authority signed them. The whole setup takes two commands. The tool supports macOS, Linux, and Windows, and can generate certificates for multiple domains, wildcard domains like star.example.com, localhost, and IP addresses in a single certificate file. It is written in Go, which means it compiles to a single self-contained binary. An important caveat noted in the README is that the private key file mkcert generates should never be shared, as it would allow anyone who has it to create fake trusted certificates on your machine. You would use mkcert whenever you need to test HTTPS-required browser features, secure cookies, or mixed-content restrictions locally without fighting certificate errors.