// the find
FiloSottile/mkcert
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
mkcert is a CLI tool that creates a local certificate authority and issues certificates trusted by your browser, OS, and Java — all in two commands. It's for developers who are tired of clicking through TLS warnings on localhost or fighting openssl to generate a cert that Chrome actually accepts. Filippo Valsorda (ex-Go security team) wrote it, which shows in the implementation quality.
The zero-config design is genuine: one 'mkcert -install', one 'mkcert localhost', done. No config files, no openssl flags to memorize. The platform coverage is thorough — system stores on Windows, macOS, and major Linux distros, plus Firefox's NSS database, Java's truststore, and Chrome all handled automatically. The codebase is tiny and readable: a handful of Go files with per-platform trust store logic split cleanly by build tags, easy to audit if you care about what's touching your root store. The CA isolation is smart — the root CA key never leaves your machine and is stored in user-space, not system directories.
Last commit was August 2024 and there are hundreds of open issues, several touching real bugs on specific distros and newer macOS versions — the project feels in maintenance mode at best. Mobile trust is second-class: iOS requires manual profile installation through Settings and Android requires modifying app builds, so it's not actually zero-config for mobile development. Node.js ignoring system trust stores is a real footgun that requires a workaround env var every developer will eventually forget to set. There's no built-in renewal or expiry management — the generated certs have a fixed validity window and when they expire you just run the command again, which is fine until it isn't and you're debugging a CI failure at 11pm.