# MKCert on Linux (Create Locally Trusted SSL Certificate)

Mkcert is a simple tool used to make locally trusted development certificates. It requires no configurations to use making it a very efficient tool for developers to test their applications before deploying them for production purposes.

While using self-assigned certificates can cause trust issues, using real certificates from Certificate Authorities (CAs) for development is sometimes very impossible and at times it can be dangerous. Using your own CA is the best practice although you have to manually execute commands to use them.

Mkcert automatically creates and installs the local CA in the system root store and then generates a locally generated certificate for you. You then configure your server with the generated certificate.

Mkcert is fit for developers because it enables them to locally test their applications before they are deployed for production purposes. For production purposes, a license must be purchased from Certificate Authorities, commonly known as SSL Certificate.

Mkcert is therefore a very ideal tool for the developers. We now turn our focus on installation on Linux system.

# Step 1: Install Mkcert Tool on Linux

Installing mkcert in any Linux is a very simple process. Follow the steps below.

Update system and install wget,curl

As a matter of best practice, always update your system before any installation.

# RHEL based system
sudo yum update -y
sudo yum -y install wget curl

# Debian based systems
sudo apt update
sudo apt install wget curl

# Install certutil utility on your system

The certutil is a certificate database tool with a command-line utility to create and modify certificates and key databases. certutil Manage keys and certificates in both NSS databases and other NSS tokens

# To install mkcert dependencies

### RHEL Based Linux ###
sudo yum install nss-tools

### Debian based system ###
sudo apt update       
sudo apt install libnss3-tools

# Download and install mkcert on Linux

To download mkcert, you can visit the GitHub releases page. An alternative option is checking and downloading the latest available release for Linux using the following commands:

curl -s https://api.github.com/repos/FiloSottile/mkcert/releases/latest | grep browser_download_url | grep '\linux-amd64' | cut -d '"' -f 4 | wget -i -

The next step is to move and rename your file to /usr/bin/ folder.

sudo mv mkcert-v*-linux-amd64 /usr/bin/mkcert

Using Chmod command :

sudo chmod +x /usr/bin/mkcert

You can verify the version of mkcert installed by running the command:

$ mkcert --version
v1.4.3

# Generate Locally Trusted SSL Certificate with mkcert

# Generate Local CA

To generate a Local CA issue the command mkcert -install on your terminal.

$ mkcert -install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊

A local CA has been installed. To locate the certificate, check the CA root directory.

mkcert -CAROOT

Command output is as shown below.

$ mkcert -CAROOT
/home/Jil/.local/share/mkcert

# Generate Local Certificate for Local website

To generate a Local Certificate for a test website (test.example.com) in the localhost 127.0.0.1

Execute the command:

mkcert test.example.com localhost 127.0.0.1 ::1

Command output:

$ mkcert test.example.com localhost 127.0.0.1 ::1
Created a new certificate valid for the following names 📜
 - "test.example.com"
 - "localhost"
 - "127.0.0.1"
 - "::1"

The certificate is at "./test.example.com+3.pem" and the key at "./test.example.com+3-key.pem" ✅

It will expire on 23 January 2024 🗓

To see the contents of the certificate :

cat ./test.example.com+3.pem

The output:

To see the contents of the key generated.

cat ./test.example.com+3-key.pem

Command Execution.

Key details above have been edited.