Linux Security

mkcert – Simple Localhost Certs

Using Mkcert to generate valid SSL certificates on your local machine for development

Oftentimes I’m developing something locally and I need an SSL Certificate.

I’m too cheap to buy a valid SSL cert for a subdomain like “” and often the domain changes based on what I’m doing,

LetsEncrypt is great, but requires your server to be public facing and be a web server, which for dev stuff isn’t really practical,

Enter mkcert – a tool that allows you to generate valid SSL certificates on your machine for any domain, the catch is that it’s only on your machine.

I’m working on a WebSocket platform at the moment, which requires an SSL certificate.

So I set an entry in my hosts file to point “webrtc” to the IP of one of the machines,

I then generated the cert on my local machine,

mkcert -install webrtc 

Which outputs the certificate and private key, which I copied it onto the server I’m working on, twiddled some knobs in Apache2 and presto, valid cert!

The downside is of course anyone else going to this site would see the cert as invalid, but as it’s just me, it doesn’t matter!

You can get Mkcert from GitHub.

2 replies on “mkcert – Simple Localhost Certs”

You don’t actually need the server to be public for let’sencrypt – it’s the most common way (I believe), but you have other options (ie dns)

Certbot can even hook straight into aws route 53 (if that’s your DNS provided).. otherwise you can just manually do it – the dns value is displayed for you and you press continue when you’ve manually updated your dns

Leave a Reply