These cookies enable us to remember you have used our Services before, preferences you may have indicated and information you have provided to us to give you a customised experience. For example, this would include ensuring the continuity of your registration process.
Mkcert is a simple tool that enables you to generate and install self-signed SSL certificates for local development. Here are the steps to install, configure, and generate self-signed SSL certificates with mkcert :
sudo apt install libnss3-tools curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64" chmod +x mkcert-v*-linux-amd64 sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
Verify that mkcert is correctly installed by running the command mkcert -h Paragraph.
Run the following command to create a root certificate authority (CA) that will be used to sign your TLS certificates :
Generate a new SSL certificate: Run the following command to generate a new SSL certificate for a domain name :
This will generate two files : mydomain.local.pem and mydomain.local-key.pem
To configure your web server to use the new SSL certificate, update the server configuration to point to the generated mydomain.local.pem file. For example, in Nginx, add the following lines to your server configuration :
ssl_certificate /path/to/mydomain.local.pem; ssl_certificate_key /path/to/mydomain.local-key.pem;
Test the SSL certificate: Restart your web server and test that the new SSL certificate is working by visiting https://mydomain.local in your web browser. You should see a green padlock indicating that the connection is secure.
Note: When generating SSL certificates with mkcert, always use a domain name that is not publicly registered and is intended for local development only. Do not use the generated certificates for production websites.
Installing the CA key on all machines
From Debian or Ubuntu :
sudo cp ~/.local/share/mkcert/rootCA.pem /usr/local/share/ca-certificates/rootCA.crt sudo apt install -y ca-certificates sudo update-ca-certificates Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.
From Redhat or Other :
sudo cp ~/.local/share/mkcert/rootCA.pem /etc/pki/ca-trust/source/anchors/rootCA.crt sudo dnf install -y ca-certificates sudo update-ca-trust
For Windows you need to convert the certificate :
openssl pkcs12 -inkey mydomain.local-key.pem -in mydomain.local.pem -export -out mydomainCA.pfx Enter Export Password: Verifying - Enter Export Password:
Copy the mydomainCA.pfx file to your Windows machine. [windows] and certificat, go to the Trusted Root Certification Authorities/Certificates directory. Then right click, All tasks > Import and select the file mydomainCA.pfx and Enter password if needed.