When developing web applications locally, you often need HTTPS for features like service workers, HTTP/2, or testing secure cookies. Rather than dealing with browser warnings about self-signed certificates, use mkcert to create locally-trusted development certificates.

Installing mkcert

mkcert is a simple tool that creates locally-trusted development certificates. It requires zero configuration.

brew install mkcert
mkcert -install

The -install command creates a local certificate authority (CA) that your system and browsers will trust.

Creating certificates for your domains

Generate certificates for your local development domains:

mkcert local.mydomain.com

This creates two files in your current directory:

  • local.mydomain.com.pem - your certificate
  • local.mydomain.com-key.pem - your private key

You can create certificates for multiple domains at once:

mkcert example.test localhost 127.0.0.1 ::1

Using the certificates

Move the generated certificates to wherever your application expects them:

# Example for Node.js app
mkdir -p ./config/certs
mv local.mydomain.com*.pem ./config/certs/

Then configure your application to use these files. For example, in a Node.js app:

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('./config/certs/local.mydomain.com-key.pem'),
  cert: fs.readFileSync('./config/certs/local.mydomain.com.pem')
};

https.createServer(options, app).listen(443);

Configure your hosts file

The final step is to map your domain to localhost in your /etc/hosts file:

127.0.0.1    local.mydomain.com

Now you can access https://local.mydomain.com in your browser without any certificate warnings.