Install Mkcert on Windows|Linux|Ubuntu with Localhost SSL HTTPS Certificates

This guide teaches you how to install Mkcert on Windows and Linux (Ubuntu). You’ll then use Mkcert to create locally trusted development SSL certificates for your HTTPS local host domains.

In summary, you will learn:

• Installing Mkcert on Windows, macOS and Linux (Ubuntu).
• How to create and generate Mkcert localhost SSL certificate.
• Configure Mkcert certificate authorities (CAs) with your local HTTPS server.
• How to add Mkcert localhost certificate to Node.js and NGINX server.

Let’s dive in and move your local SSL to the next level using the Mkcert localhost certificate.

Related: Add localhost Domain HTTPS with Let’s Encrypt SSL Certificate Issuer - SelfSigned

Step 1: Installing Mkcert on Windows

To install and use Mkcert on Windows, use Chocolatey or Scoop as follows:

# Mkcert Chocolatey command
choco install mkcert
# Mkcert Scoop commands
scoop bucket add extras
scoop install mkcert

Run the following command to confirm that Mkcert is now installed on your Windows machine.

mkcert --version
# Ouput example
v1.4.4

Step 2: Installing Mkcert on Linux/Ubuntu

This guide will use Ubuntu to demonstrate how to use Mkcert on Linux.

• First, install libnss3-tools (If you are using a different Linux distro, check here):

sudo apt-get install libnss3-tools

Now go ahead and install Mkcert using the following command:

sudo apt install mkcert

Run the following command to confirm that Mkcert is now installed on your Ubuntu machine.

mkcert --version
# Ouput example
1.4.3

Step 3: Generating SSL certificate with Mkcert locally

Mkcert simplifies how to generate SSL certificates. Specifically for local development environments with SSL/TLS certificates. You don’t need to use OpenSSL as Mkcert does all CA right thing by default without using flags to configure your Keys and certificates.

Go ahead and create a working directory and cd to it. This will help you manage your local SSL certificates in a single point:

mkdir cert
cd cert

• Install local CA using Mkcert using the following command (This works on any OS you are using):

mkcert -install

Here are the outputs of running the above command:

On Ubuntu:

On Windows:

Proceed and generate the localhost SSL certificate using the following command (Make sure you run this command in your cert directory):

mkcert localhost

This will allow Mkcert to create a new valid certificate:

Your cert directory will have two files, localhost-key.pem and localhost.pem, as follows:

Step 4: Deploying Mkcert CA and adding Certificates to Trusted Local Stores

You have the certificate ready locally. Now you’re the CA of your computer, and you must tell it to trust your Certificates. To do so, you need to add certificates to trusted stores as follows:

For Windows:

• Launch the Windows console using the Windows + R keys

• Add mmc and click OK to launch the following Window:

• Navigate to Files> Add/Remove Snap-in > Certificate > Add:

• Here select Computer Account > Next > Local Computer > Finish > OK:

• Expand Certificates (local Computer) and right click Trusted Root Certification Authorities > All Tasks > Import:

• This will launch a Certificate Import wizard, and you need to click Next > Browse.

• Navigate to your cert directory where your CA is stored. You will need to ensure your Explorer has All Files(.) selected, then locate your localhost.pem file > Open > Next > Place all certificates in the following store > Next > Finish and the Import should be successful.

For Linux, use certutil to add the certificate as follows:

sudo mkdir -p /usr/local/share/ca-certificates
sudo cp localhost.pem /usr/local/share/ca-certificates/
sudo update-ca-certificates

Step 4: Using the Mkcert Certificate with Local HTTPS Server

Let’s now test if the created Mkcert SSL certificate can now work and serve localhost domains on HTTPS. This will act as a deployment in a development environment. This test will use Mkcert with Node.js and NGINX.

• Using Node.js:

Create an index.js file and use the https module to include the certificate as follows:

Related: Create an HTTPS Server on NodeJS with Express & CreateServer on Localhost

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('./cert/localhost-key.pem'),
  cert: fs.readFileSync('./cert/localhost.pem'),
};

const server = https.createServer(options, (req, res) => {
  if (req.method === 'GET' && req.url === '/') {
    res.writeHead(200);
    res.end('Hello World!');
  } else {
    res.writeHead(404);
    res.end('Not Found');
  }
});

server.listen(3000, () => {
  console.log('Server is listening on https://localhost:3000');
});

To start the server, run the following:

node index.js

Now open https://localhost:3000, and your Mkcert Node.js certificate should work fine:

• Using Nginx, Add SSL configuration to your Nginx server block as follows:

server {
  listen 443 ssl;
  server_name localhost;

  ssl_certificate /path/to/localhost.pem;
  ssl_certificate_key /path/to/localhost-key.pem;

  # Other configurations...
}

Conclusion

You’ve installed Mkcert, generated a trusted SSL certificate for localhost, and deployed it in your development environment. You have learned:

• Installing Mkcert on Windows, macOS and Linux (Ubuntu).
• How to create and generate Mkcert localhost SSL certificate.
• Configure Mkcert certificate authorities (CAs) with your local HTTPS server.
• How to add Mkcert localhost certificate to Node.js and NGINX server.

FAQ

Q: Can Mkcert generate certificates for domains other than localhost? Yes, Mkcert generates certificates for any domain or subdomain. Simply replace localhost with your desired domain name when running the Mkcert command.

Q: Is Mkcert suitable for production environments? No, Mkcert is major for local development and testing. For production, consider obtaining SSL certificates from a trusted Certificate Authority such as OpenSSL.

Q: Can I use Mkcert with Docker or VMs? Yes, Mkcert-generated certificates are usable with Docker containers and virtual machines to secure communication within your local environment.

Q: How do I remove certificates generated by Mkcert? To remove Mkcert-generated certificates, use the mkcert -uninstall command. This will remove the local CA and associated certificates.