Goodbye Browser Warnings: Secure Your Local Development with mkcert


Goodbye Browser Warnings: Secure Your Local Development with mkcert

FiloSottile/mkcert

2025-08-15

When you're developing a web application, you often want to simulate a production environment as closely as possible. This includes using HTTPS, which encrypts the communication between the client and server. However, if you're just using a self-signed certificate, your browser will flag it as insecure, forcing you to click through warnings every time you refresh your page. This is where mkcert comes in.

mkcert creates a local Certificate Authority (CA) and automatically trusts it on your system. This means any certificates you generate with mkcert will be trusted by your browser, eliminating those pesky warnings. It's a huge time-saver and makes the development process much smoother, especially when working with

OAuth and other APIs
Many APIs, like those for social media logins, require secure callbacks over HTTPS.

Service Workers
Service workers, which enable offline functionality and push notifications, can only be used on pages served over HTTPS.

Modern Web Features
Many modern browser features and APIs are being restricted to secure contexts (HTTPS).

The installation is straightforward. You just need to follow a few simple steps.

The easiest way to install is with a package manager.

For macOS (using Homebrew)

brew install mkcert

For Windows (using Chocolatey or Scoop)

# Using Chocolatey
choco install mkcert

# Using Scoop
scoop install mkcert

For Linux (using a pre-compiled binary)

You can download a pre-compiled binary from the GitHub releases page or use a package manager like apt or yum. For example, on a Debian-based system, you might use

# First, install the package that provides mkcert
sudo apt install libnss3-tools
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
sudo mv mkcert-v1.4.3-linux-amd64 /usr/local/bin/mkcert
sudo chmod +x /usr/local/bin/mkcert

Once mkcert is installed, you need to set up the local CA. This is a one-time process.

mkcert -install

This command will create a new, private CA on your machine and trust it for use with your web browsers.

Now you can generate a certificate for your local development domain. For example, if you want to use myapp.local as your development domain

mkcert myapp.local

This will create two files in your current directory
myapp.local.pem (the certificate) and myapp.local-key.pem (the private key).

Let's look at a simple Node.js Express server to see how you'd use these certificates.

First, make sure you have express installed

npm install express

Next, create a file named server.js and use the certificates you just generated.

const express = require('express');
const https = require('https');
const fs = require('fs');

const app = express();
const port = 3000;

// Load the certificate and private key
const options = {
  key: fs.readFileSync('myapp.local-key.pem'),
  cert: fs.readFileSync('myapp.local.pem')
};

app.get('/', (req, res) => {
  res.send('Hello HTTPS World!');
});

// Create the HTTPS server
https.createServer(options, app).listen(port, () => {
  console.log(`Server running at https://myapp.local:${port}`);
});

To run this, you would use

node server.js

Now, if you have your system's hosts file configured to point myapp.local to 127.0.0.1, you can navigate to https://myapp.local:3000 in your browser, and you'll see your page served securely without any warnings.


FiloSottile/mkcert




Mastering Sniffnet: Practical Network Insights for Software Professionals

[Windows, macOS, Linux]As software engineers, we often need to understand what's happening under the hood of our applications and systems


WaveTerm: Enhancing Software Engineer Workflows with Cross-Platform Terminal Panes

WaveTerm is an open-source, cross-platform terminal designed to enhance productivity, especially for complex or multi-step workflows


From Code to Console: Understanding shadPS4 as a Software Engineer

Let's dive into shadPS4, a PlayStation 4 emulator written in C++, from a software engineer's perspective. This is a fascinating project that offers a lot of learning opportunities and practical insights


PowerShell for Engineers: Beyond Windows

From a software engineer's perspective, PowerShell is a fantastic scripting and automation tool. Here's why you'd want it in your toolbox


A Software Engineer's Guide to Clash Verge Rev

Clash Verge Rev is a modern, cross-platform GUI client for Clash, designed for Windows, macOS, and Linux. As a software engineer


Unleashing Local AI: Integrating k2-fsa/sherpa-onnx Across 12 Programming Languages

Simply put, it's an open-source, real-time speech and audio processing toolkit built on top of the next-generation Kaldi framework and leveraging ONNX Runtime for high-performance


From EPUB to M4B: Automating Content Creation with Advanced Text-to-Speech

This tool is a powerful utility for creating audiobooks from various e-book formats, leveraging advanced Text-to-Speech (TTS) models and voice cloning technology


Winapps: Seamlessly Integrate Windows Apps into Your Linux Workflow

Imagine you're a Linux user, maybe you're developing on a powerful Ubuntu machine because of its excellent command-line tools and development environment


Stop Fumbling with Your Phone: A Guide to Seamless Android Control via escrcpy

Think of it as a polished, user-friendly graphical wrapper for scrcpy (the legendary command-line tool for mirroring Android devices). If you've ever struggled with tiny phone screens while debugging or hated switching between your mouse and a physical phone


tldr-pages: Your Command-Line Cheat Sheet for Software Engineers

As software engineers, we frequently interact with the command line. Whether it's git for version control, docker for containerization