← All open source projects

mkcert

FiloSottile/mkcert

mkcert is a simple utility for creating locally trusted TLS certificates for development.

GitHub · 59,188 stars Project website
Forks 3,127
Author FiloSottile
Language Go
License BSD-3-Clause
Synced 2026-06-27

What it is

mkcert is a small utility for local HTTPS certificates. It creates a local certificate authority, installs it into trusted stores, and issues certificates for development domains.

The project solves a web-development pain: modern APIs, cookies, service workers, and browser features often require HTTPS even locally. Self-signed certificates work poorly when the browser and system do not trust them.

How the project is built

The repository contains the Go utility, instructions for macOS, Linux, and Windows, and material on trust stores, mobile devices, and environment variables. The tool does not configure servers automatically; it gives certificate and key files.

Local certificate

This example shows the standard path: install a local CA and issue a certificate for several development names.

Language: Bash 
mkcert -install
mkcert localhost 127.0.0.1 ::1 myapp.test

The example is included for a practical reason: it shows the real shape of working with the project, whether that is a command, data structure, interface fragment, or diagram that appears in documentation and source code.

How it is used

A typical scenario is installing the local CA once, then generating a certificate for localhost, an internal domain, or a test service name and wiring it into the development server.

mkcert usually requires checking not only the start command, but operational details: updates, access rights, secret storage, recovery, licensing, and clear responsibility between the tool and the application.

It is also worth checking project boundaries: what it does itself, what it delegates to external services, what data it accepts, and which decisions stay with the user. That prevents expecting more than the repository promises.

For the catalog, the important point is not only that the repository exists, but what practical role it plays: where it fits into a stack, what manual work it removes, and which decisions remain with the team.

Strengths and limits

Its strength is simplicity. Instead of manual OpenSSL work and browser warnings, a developer gets a short command and certificates trusted by the local machine.

The limitation is scope. mkcert is for development, not public websites. The local root key needs care: if it leaks, trust on that machine becomes a security problem.

Context

mkcert is useful for almost any web project that needs real HTTPS locally. It does not replace Let’s Encrypt or corporate PKI, but it sharply reduces development friction.

This kind of overview helps separate a repository as an attractive GitHub page from a repository as a real stack element with documentation, limits, community, and maintenance cost.

Before using a project like this, it is worth checking current status, license, recent changes, open issues, and fit for the actual task. That is especially important for infrastructure, AI tools, network clients, and older archived projects.