mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration.
mkcert sets up a locally trusted Certificate Authority (CA), installed into the trust stores on your computer. Any certificates issued by this CA will be trusted by the client of your choice (Chrome, Firefox, curl, etc.).
On macOS, you can install mkcert using Homebrew; for other operating systems you can find instructions in the mkcert docs.
brew install mkcert nss
# nss is only needed if you are using Firefox
Create and install the certificate authority:
mkcert -install
You should see something like::
Created a new local CA 💥
Sudo password:
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox trust store (requires browser restart)! 🦊
Use mkcert to generate a key and a certificate for the following hostnames:
hapi-fhir.au.localhostkeycloak.au.localhost
mkcert -key-file key.pem -cert-file cert.pem hapi-fhir.au.localhost
mkcert -key-file keycloak-key.pem -cert-file keycloak-cert.pem keycloak.au.localhost
Move the files into the \backend\certs directory and set the file permissions:
sudo chmod 655 *.pem
Update your /etc/hosts file:
sudo nano /etc/hosts
Add the hostnames, hapi-fhir.au.localhost and keycloak.au.localhost:
127.0.0.1 localhost hapi-fhir.au.localhost keycloak.au.localhost
Note: Remember that mkcert is meant for development purposes, not production, so it should not be used on end
users' machines, and that you should not export or share rootCA-key.pem.
- GitHub: mkcert