Analysis updated 2026-06-20
Set up trusted HTTPS for localhost so Chrome and Firefox stop showing certificate warnings during development.
Generate a single certificate file covering multiple local domains and wildcard addresses.
Test secure cookies, mixed-content restrictions, and HTTPS-only browser APIs locally without a real domain.
Create a trusted cert for a custom dev domain like myapp.test without any browser complaints.
| filosottile/mkcert | usememos/memos | pocketbase/pocketbase | |
|---|---|---|---|
| Stars | 58,786 | 59,400 | 58,165 |
| Language | Go | Go | Go |
| Setup difficulty | easy | easy | easy |
| Complexity | 1/5 | 2/5 | 2/5 |
| Audience | developer | general | vibe coder |
Figures from each repo's GitHub metadata at analysis time.
mkcert is a small command-line tool that generates HTTPS certificates that your browser will trust on your local development computer. The problem it solves is a common frustration for web developers: when you run a website on your own machine for testing, your browser displays scary security warnings because the site uses HTTPS but there is no trusted certificate authority vouching for it. Using real certificates from official certificate authorities is not possible for local addresses like localhost or made-up development domains, and self-signed certificates cause browsers to complain. mkcert eliminates this friction entirely. The way it works is that it creates a local certificate authority on your machine, which acts as a private trusted root for your computer only. It then registers that authority with your operating system's trust store, and optionally with Firefox and the Java runtime. Once that is done, you run mkcert with the domain names you want and it generates certificate files that your browser accepts without warnings, because your local certificate authority signed them. The whole setup takes two commands. The tool supports macOS, Linux, and Windows, and can generate certificates for multiple domains, wildcard domains like star.example.com, localhost, and IP addresses in a single certificate file. It is written in Go, which means it compiles to a single self-contained binary. An important caveat noted in the README is that the private key file mkcert generates should never be shared, as it would allow anyone who has it to create fake trusted certificates on your machine. You would use mkcert whenever you need to test HTTPS-required browser features, secure cookies, or mixed-content restrictions locally without fighting certificate errors.
mkcert creates trusted HTTPS certificates for your local development machine in two commands, so browsers stop showing security warnings when you test websites on localhost.
Mainly Go. The stack also includes Go.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.