mkcert
Generate locally-trusted TLS certificates for development. Use when you need to understand how mkcert works, need to generate certificates manually outside of ssl-proxy, need to check if mkcert is installed, or are debugging certificate trust issues. Triggers include "mkcert", "local certificate", "self-signed cert", "trusted cert localhost", "local CA".
Best use case
mkcert is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Generate locally-trusted TLS certificates for development. Use when you need to understand how mkcert works, need to generate certificates manually outside of ssl-proxy, need to check if mkcert is installed, or are debugging certificate trust issues. Triggers include "mkcert", "local certificate", "self-signed cert", "trusted cert localhost", "local CA".
Teams using mkcert should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/mkcert/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How mkcert Compares
| Feature / Agent | mkcert | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Generate locally-trusted TLS certificates for development. Use when you need to understand how mkcert works, need to generate certificates manually outside of ssl-proxy, need to check if mkcert is installed, or are debugging certificate trust issues. Triggers include "mkcert", "local certificate", "self-signed cert", "trusted cert localhost", "local CA".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# mkcert mkcert is a simple tool for making locally-trusted development certificates. It creates a local certificate authority (CA) and installs it into your system trust store. ## Check if installed ```bash which mkcert mkcert --version ``` ## Install mkcert ```bash # macOS brew install mkcert # macOS/Linux (NSS support for Firefox) brew install nss # optional, for Firefox support # Windows choco install mkcert # Direct download # https://github.com/FiloSottile/mkcert/releases ``` ## Install the root CA Run once per machine. Installs a root CA into your system keychain so all mkcert-generated certs are trusted. ```bash mkcert -install ``` This requires admin access (macOS Keychain password or sudo on Linux). ## Generate a certificate ```bash # For localhost only mkcert localhost # For localhost + 127.0.0.1 + ::1 (recommended) mkcert localhost 127.0.0.1 ::1 # For a custom domain mkcert myapp.test localhost 127.0.0.1 ::1 # Specify output directory mkcert -cert-file /path/to/cert.pem -key-file /path/to/key.pem localhost ``` Output: - `localhost.pem` - the certificate - `localhost-key.pem` - the private key (keep this secret, 0600 permissions) ## View CA location ```bash mkcert -CAROOT # e.g. /Users/you/Library/Application Support/mkcert ``` The CA files are at this path: - `rootCA.pem` - the CA certificate (safe to share/copy) - `rootCA-key.pem` - the CA private key (never share this, 0600 permissions) ## Uninstall CA ```bash mkcert -uninstall ``` Removes the CA from your system trust store. Existing certificates generated from this CA will no longer be trusted. ## How it works 1. `mkcert -install` generates a root CA (`rootCA.pem` + `rootCA-key.pem`) and adds `rootCA.pem` to your system trust store 2. `mkcert localhost` uses the root CA to sign a new certificate for `localhost` 3. Because your system trusts the root CA, it also trusts all certs signed by it 4. Browsers trust whatever the OS trust store says, so no security warnings ## Key paths by platform | Platform | CA root directory | |---|---| | macOS | `~/Library/Application Support/mkcert` | | Linux | `~/.local/share/mkcert` | | Windows | `%LOCALAPPDATA%\mkcert` | ## Security notes - The root CA private key (`rootCA-key.pem`) must stay on your machine. Never commit it or share it. - File permissions on `rootCA-key.pem` should be `0600`. - mkcert-generated certs are only valid for your local machine because only your machine has the CA in its trust store. - The CA is NOT trusted by other machines - this is by design. ## Troubleshooting ### Firefox still shows warning Install NSS support: `brew install nss`, then re-run `mkcert -install`. ### "permission denied" when running -install On Linux, you need sudo: `sudo mkcert -install`. On macOS, you need your Keychain password. ### Certificate not trusted in Chrome on Linux Chrome on Linux uses the NSS database. Install NSS tools: `sudo apt install libnss3-tools`, then `mkcert -install` again.
Related Skills
Skill: Uptime Monitoring
## Overview
Skill: Status Page
## Overview
Skill: unit-conversion
## Overview
Skill: recipe-scaler
## Overview
reading-list
Operate the reading-list API to save, manage, tag, search, and export articles.
email-digest
Configure, test, and troubleshoot the reading-list daily email digest delivered via nodemailer.
websocket-realtime
Use the WebSocket connection in poll-builder to receive live vote updates. Use when you need to stream real-time poll results, monitor a poll for new votes, or build a live dashboard. Triggers include "live results", "real-time updates", "stream votes", "watch poll", or "WebSocket".
poll-builder
Self-hosted poll creation tool with real-time results. Use when you need to create a poll, check vote counts, close a poll, export results, or get the shareable link for a poll. Triggers include "create poll", "vote", "poll results", "survey", "collect votes", "share poll", or any task involving polling or voting.
Skill: personal-finance
## Overview
Skill: csv-import
## Overview
Skill: Syntax Highlighting
## Purpose
Skill: Pastebin Core
## Purpose