Working with local development environments often requires simulating a production setup, and a crucial part of this is securing connections with SSL/TLS certificates. While self-signed certificates are common, they typically trigger browser security warnings because they aren’t trusted by default. This is where a tool like mkcert becomes invaluable. It’s a simple, cross-platform command-line utility specifically designed to generate locally-trusted development certificates.
To get started with mkcert on a Ubuntu 20.04 system, the installation is straightforward. First, you need to install the necessary prerequisites. On Ubuntu, you can install certutil and openssl using the package manager:
sudo apt update
sudo apt install libnss3-tools openssl
Once the prerequisites are in place, you can install mkcert. A common and reliable method is to download the pre-compiled binary. You can find the latest release on the project’s GitHub page. Use curl to download the appropriate binary for your system architecture and then move it to a directory included in your system’s PATH, such as /usr/local/bin:
# Find the latest version and URL from mkcert releases page
curl -JL https://github.com/FiloSottile/mkcert/releases/download/vX.Y.Z/mkcert-vX.Y.Z-linux-amd64 # Replace X.Y.Z with the actual version
sudo mv mkcert-vX.Y.Z-linux-amd64 /usr/local/bin/mkcert # Adjust filename if needed
sudo chmod +x /usr/local/bin/mkcert
Note: Always replace vX.Y.Z and the filename with the latest release details from the mkcert GitHub releases page.
After installing mkcert, the next step is to install its local CA (Certificate Authority). This CA is what your operating system and browsers will be configured to trust, allowing any certificates issued by this CA (using mkcert) to be trusted as well. Run the following command:
mkcert -install
This command will create a new local CA and add it to your system’s trusted root stores and relevant browser stores. You might be prompted for your system password.
Now that mkcert is installed and its CA is trusted, generating certificates for your local development domains is simple. You can generate a certificate for specific domains or IP addresses. For instance, to create a certificate for localhost and 127.0.0.1, you would run:
mkcert localhost 127.0.0.1
This command will create two files in the directory where you ran the command: a certificate file (.pem) and a private key file (-key.pem). These are the files you will configure your local web server (like Nginx, Apache, Caddy, or a Node.js server) to use for SSL/TLS.
To generate a certificate for multiple custom local domains, list them separated by spaces:
mkcert yourlocalsite.test anotherapp.local *.dev.localhost
The output will show you the names of the generated certificate and key files. You then configure your web server to listen on HTTPS (typically port 443 or a custom port like 8443) and point it to the generated .pem and -key.pem files. Because the mkcert CA is trusted by your system, browsers accessing these local domains configured with the generated certificates will show a secure connection without warnings.
Using mkcert vastly simplifies the process of setting up HTTPS for local development, providing a reliable and secure environment that mirrors production more closely without the hassle of managing external CAs or dealing with persistent browser warnings. This method ensures your development workflow is smooth and your testing accurately reflects a secure production deployment.
Source: https://kifarunix.com/create-locally-trusted-ssl-certificates-with-mkcert-on-ubuntu-20-04/
