mkcert - zero-config tool to make locally trusted certificates
Usage of mkcert:
- $ mkcert -install
- Install the local CA in the system trust store.
- $ mkcert example.org
- Generate "example.org.pem" and
"example.org-key.pem".
- $ mkcert example.com myapp.dev localhost 127.0.0.1
::1
- Generate "example.com+4.pem" and
"example.com+4-key.pem".
- $ mkcert "*.example.it"
- Generate "_wildcard.example.it.pem" and
"_wildcard.example.it-key.pem".
- $ mkcert -uninstall
- Uninstall the local CA (but do not delete it).
Advanced options:
-cert-file FILE, -key-file FILE, -p12-file
FILE
- Customize the output paths.
-client
- Generate a certificate for client authentication.
-ecdsa
- Generate a certificate with an ECDSA key.
-pkcs12
- Generate a ".p12" PKCS #12 file, also know as a ".pfx"
file, containing certificate and key for legacy applications.
-csr CSR
- Generate a certificate based on the supplied CSR. Conflicts with all other
flags and arguments except -install and -cert-file.
-CAROOT
- Print the CA certificate and key storage location.
- $CAROOT (environment variable)
- Set the CA certificate and key storage location. (This allows maintaining
multiple local CAs in parallel.)
- $TRUST_STORES (environment variable)
- A comma-separated list of trust stores to install the local root CA into.
Options are: "system", "java" and "nss"
(includes Firefox). Autodetected by default.
The full documentation for mkcert is maintained as a
Texinfo manual. If the info and mkcert programs are properly
installed at your site, the command
- info mkcert
should give you access to the complete manual.