- Download
mkcert
- Rename the binary to
mkcert
and optionally, place it to%PATH%
- Run
.\mkcert -install
and consult the Install section for manual Windows Firefox steps - Share the CA with any other computers and mobile devices that need it:
- Computers: https://github.com/FiloSottile/mkcert#installing-the-ca-on-other-systems
- Mobile devices: https://github.com/FiloSottile/mkcert#mobile-devices
- Consult the Install section for macOS Safari troubleshooting
- Generate a certificate for your host name, e.g.:
mkcert localhost
- Configure your web server to use
localhost.pem
andlocalhost-key.pem
Follow the guide in the Gist.
mkcert
will install the certificate authority to the system and browser trust stores
where it can, but there are a few expections:
mkcert doesn't know how to install the certificate authority into the Firefox trust store on Windows, so it needs to be done manually by doing either this:
- Go to
about:preferences#privacy
- Scroll to the Certificates section
- Click the View Certificates… button
- Switch to the Authorities tab
- Click the Import… button
- Locate the
rootCA.pem
file created duringmkcert -install
- Check Thurst this CA to authenticate web sites
…or by going to about:config
and seting security.enterprise_roots.enabled
. This
as I understand it will make Firefox also respect the OS trust stores to which mkcert
does install the certificate authority on its own.
Safari on macOS can be stubborn when installing a certificate authority from a different
machine (and perhaps even from the same machine, who knows). I have found that after
copying rootCA.pem
from a Windows machine to a macOS machine and placing it to the
mkcert -CAROOT
path and running mkcert -install
, other browsers will happily accept
the certificate authority and the certificates generated by that authority on a different
machine, but macOS Safari will not. I have not looked further into this because I just
don't care about macOS Safari all too much.
The flow to install the certificate on iOS is easy: transfer the PEM over to the device using AirDrop or WhatsApp, download it to the Files app, find and open it in the Files app, confirm the prompt asking to install the profile, go to the Settings app and click the new item which says "Profile downloaded", select the Install option and go through the guide.
After this, you may find Safari will still warn you about the certificate and you might need to go forcefully through using the Visit website link anyway, but afterwards, upon further refreshes, you should find the certificate works perfectly.
const https = require('https');
const fs = require('fs');
https.createServer(
{
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem'),
},
(request, response) => {
},
() => console.log('Running.')
);