Quickly Apply for a Free localhost SSL Certificate Using mkcert

CertOne

In local development environments, self-signed certificates are commonly used to enable HTTPS. However, browsers mark self-signed certificates as insecure by default because they are not issued by a trusted certificate authority (CA). mkcert solves this problem: it generates certificates that are fully trusted locally, just like those issued by regular CAs. mkcert is an open-source tool for creating locally trusted development certificates; its GitHub repository is https://github.com/FiloSottile/mkcert. It is easy to use, cross-platform, secure, and reliable. The steps below show how to use mkcert to issue certificates for localhost.

1. Install mkcert

1. Install Dependencies (Only applicable to some systems)

  • macOS: If you encounter an x509: certificate signed by unknown authority error during installation, you may need to install Homebrew's ca-certificates package first:
brew install curl && brew install openssl && brew install ca-certificates
  • Linux (using Ubuntu as an example): If you encounter missing dependencies, you can install the following packages:
sudo apt-get install libnss3-tools

2. Install mkcert

  • macOS (using Homebrew):
brew install mkcert
  • Windows (using Scoop):
scoop install mkcert
  • Linux: You can download pre-compiled binaries from the release page or install from source. For example, after downloading the binary file for Linux from the release page, move it to the /usr/local/bin/ directory and grant execution permissions:

wget "https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64"
sudo mv mkcert-v1.4.4-linux-amd64 /usr/local/bin/mkcert
sudo chmod +x /usr/local/bin/mkcert

2. Generate Certificate

Generate a certificate for localhost:

mkcert -install
mkcert -cert-file localhost.pem -key-file localhost-key.pem localhost 127.0.0.1 ::1

The mkcert -install command installs the root certificate generated by mkcert into the current system's trust store, so that certificates issued from it are trusted by the system.
The second command generates a certificate that is valid for localhost, 127.0.0.1, and ::1 (the IPv6 loopback address).
The -cert-file and -key-file options set the output file names: localhost.pem (certificate file) and localhost-key.pem (private key file). Without them, mkcert names the files after the first host plus the number of additional names (here localhost+2.pem and localhost+2-key.pem).
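
The following shell functions are an added example, not part of the original article or the mkcert project: they check that the generated certificate covers localhost, 127.0.0.1 and ::1, that the key belongs to it, that the key file is not readable by other users, and that the certificate has not expired. The function names are hypothetical, and the openssl command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example: pre-flight checks for the certificate and key from step 2.
# Function names are hypothetical; requires the openssl command-line tool.
# Usage: check_dev_cert localhost.pem localhost-key.pem localhost 127.0.0.1 ::1

# Print the certificate's SAN entries one per line, e.g. "DNS:localhost".
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed 's/^ *//'
}

# Read SAN lines on stdin; print every requested name that is not covered.
# OpenSSL prints IPv6 uncompressed, so ::1 shows up as 0:0:0:0:0:0:0:1.
# Simplification: ::1 is the only IPv6 form recognised here.
missing_sans() {
    sans=$(cat)
    for want in "$@"; do
        case "$want" in
            ::1)       entry='IP Address:0:0:0:0:0:0:0:1' ;;
            *[!0-9.]*) entry="DNS:$want" ;;
            *)         entry="IP Address:$want" ;;
        esac
        printf '%s\n' "$sans" | grep -qxF "$entry" || printf '%s\n' "$want"
    done
}

# Succeed only if group and others have no permissions on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the key file holds the private half of the cert's public key.
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) && [ -n "$pub" ] &&
        [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

check_dev_cert() {
    cert=$1 key=$2; shift 2; rc=0
    missing=$(cert_sans "$cert" | missing_sans "$@")
    [ -z "$missing" ] || { echo "not in SAN list: $missing" >&2; rc=1; }
    key_matches_cert "$cert" "$key" || { echo "key does not match cert" >&2; rc=1; }
    key_is_private "$key" || { echo "run: chmod 600 $key" >&2; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; rc=1; }
    return $rc
}
```

Run the check again after copying the files to the paths used in the Nginx or Apache configuration, since copying can change the key file's permissions.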

3. Use Certificates in Different Environments

1. Node.js (Using Express Framework Example)

const express = require('express');
const fs = require('fs');
const https = require('https');

const app = express();

// Certificate and private key generated by mkcert in step 2
const options = {
  key: fs.readFileSync('localhost-key.pem'),
  cert: fs.readFileSync('localhost.pem'),
};

// Serve the Express app over HTTPS on port 3000
https.createServer(options, app).listen(3000, () => {
  console.log('HTTPS server running on port 3000');
});

2. Nginx

Modify the Nginx configuration file (usually located at /etc/nginx/sites-available/default or similar location), add the following content:

server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate /path/to/localhost.pem;
    ssl_certificate_key /path/to/localhost-key.pem;

    location / {
        # Your application processing logic
    }
}

Reload Nginx configuration:

sudo service nginx reload

3. Apache

Modify the Apache configuration file (usually located at /etc/apache2/sites-available/000-default.conf or similar location), add the following content:

<VirtualHost *:443>
    ServerName localhost
    SSLEngine on
    SSLCertificateFile /path/to/localhost.pem
    SSLCertificateKeyFile /path/to/localhost-key.pem
    # Your application processing logic
</VirtualHost>

Reload Apache configuration:

sudo service apache2 reload

With the steps above, you can use mkcert to create certificates for localhost and use them to enable HTTPS in different development environments. This lets you simulate a real HTTPS environment during local development and confirm that your application works correctly over secure connections.
