{"id":13397537,"url":"https://github.com/FiloSottile/mkcert","last_synced_at":"2025-03-14T00:32:25.943Z","repository":{"id":37390795,"uuid":"138547797","full_name":"FiloSottile/mkcert","owner":"FiloSottile","description":"A simple zero-config tool to make locally trusted development certificates with any names you'd like.","archived":false,"fork":false,"pushed_at":"2024-04-18T08:53:27.000Z","size":1799,"stargazers_count":45916,"open_issues_count":134,"forks_count":2352,"subscribers_count":472,"default_branch":"master","last_synced_at":"2024-05-09T20:36:00.181Z","etag":null,"topics":["certificates","chrome","firefox","https","ios","linux","local-development","localhost","macos","root-ca","tls","windows"],"latest_commit_sha":null,"homepage":"https://mkcert.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FiloSottile.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":"https://github.com/FiloSottile/FiloSottile/blob/main/maintenance.md#funding"}},"created_at":"2018-06-25T05:33:03.000Z","updated_at":"2024-06-18T10:47:10.886Z","dependencies_parsed_at":"2023-02-19T06:45:41.635Z","dependency_job_id":"c222b82d-5257-43c7-ba4a-d1fcec13b970","html_url":"https://github.com/FiloSottile/mkcert","commit_stats":{"total_commits":164,"total_committers":42,"mean_commits":"3.9047619047619047","dds":0.5914634146341464,"last_synced_commit":"2a46726cebac0ff4e1f133d90b4e4c42f1edf44a"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FiloSottile%2Fmkcert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FiloSottile%2Fmkcert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FiloSottile%2Fmkcert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FiloSottile%2Fmkcert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FiloSottile","download_url":"https://codeload.github.com/FiloSottile/mkcert/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238187294,"owners_count":19430866,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificates","chrome","firefox","https","ios","linux","local-development","localhost","macos","root-ca","tls","windows"],"created_at":"2024-07-30T18:01:29.468Z","updated_at":"2025-03-14T00:32:25.914Z","avatar_url":"https://github.com/FiloSottile.png","language":"Go","readme":"# mkcert\n\nmkcert is a simple tool for making locally-trusted development certificates. It requires no configuration.\n\n```\n$ mkcert -install\nCreated a new local CA 💥\nThe local CA is now installed in the system trust store! ⚡️\nThe local CA is now installed in the Firefox trust store (requires browser restart)! 🦊\n\n$ mkcert example.com \"*.example.com\" example.test localhost 127.0.0.1 ::1\n\nCreated a new certificate valid for the following names 📜\n - \"example.com\"\n - \"*.example.com\"\n - \"example.test\"\n - \"localhost\"\n - \"127.0.0.1\"\n - \"::1\"\n\nThe certificate is at \"./example.com+5.pem\" and the key at \"./example.com+5-key.pem\" ✅\n```\n\n\u003cp align=\"center\"\u003e\u003cimg width=\"498\" alt=\"Chrome and Firefox screenshot\" src=\"https://user-images.githubusercontent.com/1225294/51066373-96d4aa80-15be-11e9-91e2-f4e44a3a4458.png\"\u003e\u003c/p\u003e\n\nUsing certificates from real certificate authorities (CAs) for development can be dangerous or impossible (for hosts like `example.test`, `localhost` or `127.0.0.1`), but self-signed certificates cause trust errors. Managing your own CA is the best solution, but usually involves arcane commands, specialized knowledge and manual steps.\n\nmkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates. mkcert does not automatically configure servers to use the certificates, though, that's up to you.\n\n## Installation\n\n\u003e **Warning**: the `rootCA-key.pem` file that mkcert automatically generates gives complete power to intercept secure requests from your machine. Do not share it.\n\n### macOS\n\nOn macOS, use [Homebrew](https://brew.sh/)\n\n```\nbrew install mkcert\nbrew install nss # if you use Firefox\n```\n\nor [MacPorts](https://www.macports.org/).\n\n```\nsudo port selfupdate\nsudo port install mkcert\nsudo port install nss # if you use Firefox\n```\n\n### Linux\n\nOn Linux, first install `certutil`.\n\n```\nsudo apt install libnss3-tools\n    -or-\nsudo yum install nss-tools\n    -or-\nsudo pacman -S nss\n    -or-\nsudo zypper install mozilla-nss-tools\n```\n\nThen you can install using [Homebrew on Linux](https://docs.brew.sh/Homebrew-on-Linux)\n\n```\nbrew install mkcert\n```\n\nor build from source (requires Go 1.13+)\n\n```\ngit clone https://github.com/FiloSottile/mkcert \u0026\u0026 cd mkcert\ngo build -ldflags \"-X main.Version=$(git describe --tags)\"\n```\n\nor use [the pre-built binaries](https://github.com/FiloSottile/mkcert/releases).\n\n```\ncurl -JLO \"https://dl.filippo.io/mkcert/latest?for=linux/amd64\"\nchmod +x mkcert-v*-linux-amd64\nsudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert\n```\n\nFor Arch Linux users, [`mkcert`](https://archlinux.org/packages/extra/x86_64/mkcert/) is available on the official Arch Linux repository.\n\n```\nsudo pacman -Syu mkcert\n```\n\n### Windows\n\nOn Windows, use [Chocolatey](https://chocolatey.org)\n\n```\nchoco install mkcert\n```\n\nor use Scoop\n\n```\nscoop bucket add extras\nscoop install mkcert\n```\n\nor build from source (requires Go 1.10+), or use [the pre-built binaries](https://github.com/FiloSottile/mkcert/releases).\n\nIf you're running into permission problems try running `mkcert` as an Administrator.\n\n## Supported root stores\n\nmkcert supports the following root stores:\n\n* macOS system store\n* Windows system store\n* Linux variants that provide either\n    * `update-ca-trust` (Fedora, RHEL, CentOS) or\n    * `update-ca-certificates` (Ubuntu, Debian, OpenSUSE, SLES) or\n    * `trust` (Arch)\n* Firefox (macOS and Linux only)\n* Chrome and Chromium\n* Java (when `JAVA_HOME` is set)\n\nTo only install the local root CA into a subset of them, you can set the `TRUST_STORES` environment variable to a comma-separated list. Options are: \"system\", \"java\" and \"nss\" (includes Firefox).\n\n## Advanced topics\n\n### Advanced options\n\n```\n\t-cert-file FILE, -key-file FILE, -p12-file FILE\n\t    Customize the output paths.\n\n\t-client\n\t    Generate a certificate for client authentication.\n\n\t-ecdsa\n\t    Generate a certificate with an ECDSA key.\n\n\t-pkcs12\n\t    Generate a \".p12\" PKCS #12 file, also know as a \".pfx\" file,\n\t    containing certificate and key for legacy applications.\n\n\t-csr CSR\n\t    Generate a certificate based on the supplied CSR. Conflicts with\n\t    all other flags and arguments except -install and -cert-file.\n```\n\n\u003e **Note:** You _must_ place these options before the domain names list.\n\n#### Example\n\n```\nmkcert -key-file key.pem -cert-file cert.pem example.com *.example.com\n```\n\n### S/MIME\n\nmkcert automatically generates an S/MIME certificate if one of the supplied names is an email address.\n\n```\nmkcert filippo@example.com\n```\n\n### Mobile devices\n\nFor the certificates to be trusted on mobile devices, you will have to install the root CA. It's the `rootCA.pem` file in the folder printed by `mkcert -CAROOT`.\n\nOn iOS, you can either use AirDrop, email the CA to yourself, or serve it from an HTTP server. After opening it, you need to [install the profile in Settings \u003e Profile Downloaded](https://github.com/FiloSottile/mkcert/issues/233#issuecomment-690110809) and then [enable full trust in it](https://support.apple.com/en-nz/HT204477).\n\nFor Android, you will have to install the CA and then enable user roots in the development build of your app. See [this StackOverflow answer](https://stackoverflow.com/a/22040887/749014).\n\n### Using the root with Node.js\n\nNode does not use the system root store, so it won't accept mkcert certificates automatically. Instead, you will have to set the [`NODE_EXTRA_CA_CERTS`](https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file) environment variable.\n\n```\nexport NODE_EXTRA_CA_CERTS=\"$(mkcert -CAROOT)/rootCA.pem\"\n```\n\n### Changing the location of the CA files\n\nThe CA certificate and its key are stored in an application data folder in the user home. You usually don't have to worry about it, as installation is automated, but the location is printed by `mkcert -CAROOT`.\n\nIf you want to manage separate CAs, you can use the environment variable `$CAROOT` to set the folder where mkcert will place and look for the local CA files.\n\n### Installing the CA on other systems\n\nInstalling in the trust store does not require the CA key, so you can export the CA certificate and use mkcert to install it in other machines.\n\n* Look for the `rootCA.pem` file in `mkcert -CAROOT`\n* copy it to a different machine\n* set `$CAROOT` to its directory\n* run `mkcert -install`\n\nRemember that mkcert is meant for development purposes, not production, so it should not be used on end users' machines, and that you should *not* export or share `rootCA-key.pem`.\n","funding_links":["https://github.com/FiloSottile/FiloSottile/blob/main/maintenance.md#funding"],"categories":["Go","Misc","成品项目","Utilities","Finished Items","CLI","Tool","网络服务","chrome","Tools","Programming Languages","Security","Dev-Tools","Network","Miscellaneous","工具","Useful Command Line Tools"],"sub_categories":["组织","To Organize","React","网络服务_其他","Go","C.A / PKI","Transport Layer Security Tools","Server-rendered React","调试","Satellite"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFiloSottile%2Fmkcert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFiloSottile%2Fmkcert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFiloSottile%2Fmkcert/lists"}