Scroll to navigation

MKCERT(1) User Commands MKCERT(1)

NAME

mkcert - zero-config tool to make locally trusted certificates

DESCRIPTION

Usage of mkcert:

$ mkcert -install
Install the local CA in the system trust store.
$ mkcert example.org
Generate "example.org.pem" and "example.org-key.pem".
$ mkcert example.com myapp.dev localhost 127.0.0.1 ::1
Generate "example.com+4.pem" and "example.com+4-key.pem".
$ mkcert "*.example.it"
Generate "_wildcard.example.it.pem" and "_wildcard.example.it-key.pem".
$ mkcert -uninstall
Uninstall the local CA (but do not delete it).

Advanced options:

-cert-file FILE, -key-file FILE, -p12-file FILE

Customize the output paths.

-client

Generate a certificate for client authentication.

-ecdsa

Generate a certificate with an ECDSA key.

-pkcs12

Generate a ".p12" PKCS #12 file, also know as a ".pfx" file, containing certificate and key for legacy applications.

-csr CSR

Generate a certificate based on the supplied CSR. Conflicts with all other flags and arguments except -install and -cert-file.

-CAROOT

Print the CA certificate and key storage location.
$CAROOT (environment variable)
Set the CA certificate and key storage location. (This allows maintaining multiple local CAs in parallel.)
$TRUST_STORES (environment variable)
A comma-separated list of trust stores to install the local root CA into. Options are: "system", "java" and "nss" (includes Firefox). Autodetected by default.

SEE ALSO

The full documentation for mkcert is maintained as a Texinfo manual. If the info and mkcert programs are properly installed at your site, the command

info mkcert

should give you access to the complete manual.

November 2021 mkcert