Generate self-signed SSL certificates with mkcert

Mkcert is a simple tool that enables you to generate and install self-signed SSL certificates for local development. Here are the steps to install, configure, and generate self-signed SSL certificates with mkcert :

sudo apt install libnss3-tools
curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
chmod +x mkcert-v*-linux-amd64
sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert

Verify that mkcert is correctly installed by running the command  mkcert -h  Paragraph. 
Run the following command to create a root certificate authority (CA) that will be used to sign your TLS certificates :

mkcert -install

​Generate a new SSL certificate: Run the following command to generate a new SSL certificate for a domain name :

mkcert mydomain.local

​This will generate two files :  mydomain.local.pem and mydomain.local-key.pem

To configure your web server to use the new SSL certificate, update the server configuration to point to the generated mydomain.local.pem file. For example, in Nginx, add the following lines to your server configuration :

ssl_certificate /path/to/mydomain.local.pem;
ssl_certificate_key /path/to/mydomain.local-key.pem;

​Test the SSL certificate: Restart your web server and test that the new SSL certificate is working by visiting  https://mydomain.local in your web browser. You should see a green padlock indicating that the connection is secure.
Note: When generating SSL certificates with mkcert, always use a domain name that is not publicly registered and is intended for local development only. Do not use the generated certificates for production websites.

Installing the CA key on all machines

From Debian or Ubuntu :

sudo cp ~/.local/share/mkcert/rootCA.pem /usr/local/share/ca-certificates/rootCA.crt
sudo apt install -y ca-certificates
sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

From Redhat or Other :

sudo cp ~/.local/share/mkcert/rootCA.pem /etc/pki/ca-trust/source/anchors/rootCA.crt
sudo dnf install -y ca-certificates
sudo update-ca-trust

For Windows ​you need to convert the certificate :

openssl pkcs12 -inkey mydomain.local-key.pem -in mydomain.local.pem -export -out mydomainCA.pfx

Enter Export Password:
Verifying - Enter Export Password:

Copy the mydomainCA.pfx file to your Windows machine. [windows] and certificat,  go to the Trusted Root Certification Authorities/Certificates directory. Then right click, All tasks > Import and select the file mydomainCA.pfx and Enter password if needed.