mkcert Local HTTPS Certificate Tool

mkcert is a free and open-source tool that generates locally-trusted development certificates for HTTPS testing, eliminating the complexity of creating self-signed certificates and manually trusting them. Created by Filippo Valsorda (a cryptography engineer who worked at Google and Cloudflare) in 2018 and written in Go, mkcert has become the de facto standard for local HTTPS development. Key features: simple workflow: running 'mkcert localhost 127.0.0.1 ::1' generates a valid TLS certificate for those hostnames, instantly usable by any web server or development tool. No manual certificate signing requests, no OpenSSL commands, no browser warnings. Local CA: mkcert creates a local Certificate Authority (CA) on first run and installs it into the system trust store, so all certificates signed by this CA are automatically trusted by the operating system and browsers. The CA is stored in the user's home directory. Multi-platform trust store: mkcert automatically installs the CA root into: macOS Keychain, Windows certificate store, Linux (ca-certificates for Debian/Ubuntu, Fedora/RHEL), Firefox (via the NSS database), Chrome and Chromium (via OS trust store). Certificate types: generates certificates for multiple hostnames (domain names, IP addresses) in a single certificate, with Subject Alternative Names (SAN). Wildcard certificates (*.example.com) are also supported. ECDSA certificates: uses modern elliptic curve cryptography (P-256) by default, with RSA as an option. Client certificates: can generate client (mutual TLS) certificates for mTLS testing. PKCS#12: export certificates in PKCS#12 (.p12) format for Java, IIS, and other tools. S/MIME certificates: generate certificates for email signing and encryption. Uninstall: mkcert -uninstall removes the CA from all trust stores. No internet connection required. Go binary. Cross-platform: Linux, macOS, Windows. BSD-3-Clause.