mkcert is a simple, zero-configuration command-line tool that makes locally-trusted development certificates. Created by Filippo Valsorda, it solves the common developer pain point of needing HTTPS in local development without dealing with self-signed certificate trust errors or complex PKI setup.

How It Works

mkcert creates and installs a local Certificate Authority (CA) in your system’s root trust store and in Firefox’s trust store. Once installed, any certificate generated by mkcert is automatically trusted by browsers and other TLS clients on your machine. A single command like mkcert localhost 127.0.0.1 ::1 produces a PEM certificate and private key pair ready for use with any HTTPS server.

Key Capabilities

The tool supports multiple Subject Alternative Names (SANs) including domain names, wildcard domains (e.g., *.example.com), IP addresses, and email addresses. It works cross-platform on macOS, Linux, and Windows, integrating with system trust stores and NSS (for Firefox/Thunderbird). Installation is available via Homebrew, MacPorts, Chocolatey, or from pre-built binaries on the GitHub releases page.

Agent Skill Integration

As an agent skill, mkcert can be invoked to set up HTTPS for local development servers, configure TLS for Docker-based development environments, generate certificates for testing webhook endpoints, or prepare secure local proxies. The tool outputs standard PEM files that work with Node.js, Nginx, Apache, Caddy, and virtually any TLS-capable server. Combined with a development server configuration, agents can fully automate HTTPS-enabled local development environments without user interaction beyond the initial CA installation.

Security Considerations

The root CA key generated by mkcert has the power to intercept secure requests from the machine, so it should never be shared or committed to version control. The tool is designed exclusively for development use and should not be used in production environments.