
mkcert - issue valid TLS certificates for localhost

In the last few years Google has been actively promoting, and also mandating, a move to a secure web. However, HTTPS apps and websites require TLS certificates, and while deployment is increasingly a solved issue thanks to Let’s Encrypt and its ACME protocol, development still mostly ends up happening over HTTP because no one can get a universally valid certificate for localhost, and it is dangerous or impossible to use certificates from Certificate Authorities for localhost or 127.0.0.1. Self-signed certificates are equally not recommended, as they cause trust errors in the browser.

mkcert is a simple tool for making locally-trusted development certificates and it requires no configuration. It works for any hostname or IP, including localhost.

mkcert solves this by issuing certificates that are signed by your own private CA. It automatically creates and installs a local CA in the system root store and generates locally-trusted certificates. So, when your browser loads a certificate generated by your instance of mkcert, it will show up with a green lock!

The downside to this approach is that the modification of the trust anchors normally requires root privileges. The actual trust bit is basically removed.

mkcert undoes this boundary by opening a “shortcut” where any code on the machine can mint trusted certificates for any domain (such as internet banking). On the other hand, Let’s Encrypt’s ACME protocol has already removed much of the boundary, because it issues its certificates without any verification other than checking that the user has access to the domain involved in the SSL issuance request.
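The exposure described above depends on who can read the local CA's private key. As an added example (not from the original post or the mkcert project), this shell function audits the directory that `mkcert -CAROOT` prints. It assumes mkcert's default file names `rootCA.pem` and `rootCA-key.pem`, and the function name `audit_caroot` is hypothetical.

```shell
#!/bin/sh
# Added example: audit the directory holding mkcert's local CA.
# Assumes mkcert's default file names rootCA.pem and rootCA-key.pem.
# Usage: audit_caroot "$(mkcert -CAROOT)"

# audit_caroot DIR
# Prints one line per observation. Returns:
#   0  CA found, key (if stored here) and directory are owner-only
#   1  CA found and the key or directory is exposed to other accounts
#   2  no mkcert CA in DIR
audit_caroot() {
    dir=$1
    key="$dir/rootCA-key.pem"
    cert="$dir/rootCA.pem"
    findings=0

    if [ ! -f "$cert" ] && [ ! -f "$key" ]; then
        echo "no mkcert CA found in $dir"
        return 2
    fi

    if [ -f "$key" ]; then
        echo "CA private key present: $key"
        # First 10 characters of ls -ld are type + rwx bits, e.g. -r--------
        perms=$(ls -ld "$key" | cut -c1-10)
        case $perms in
            ????------) ;;  # no access for group or other
            *) echo "FINDING: key accessible to group/other ($perms)"
               findings=1 ;;
        esac
    else
        echo "CA certificate present, private key not stored here"
    fi

    # A writable directory lets another account swap the key or certificate.
    dperms=$(ls -ld "$dir" | cut -c1-10)
    case $dperms in
        ?????w????|????????w?)
            echo "FINDING: CA directory is group/world writable ($dperms)"
            findings=1 ;;
    esac
    return $findings
}
```

A clean result only covers other accounts: code running as the same user can still read the key, which is the shortcut the post describes. Running `mkcert -uninstall` removes the local CA from the trust stores when it is no longer needed.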
