A simple zero-config tool to make locally trusted development certificates with any names you'd like.
BSD-3-CLAUSE License
Published by FiloSottile over 2 years ago
Firefox packaged in a Snap, which is the default browser of Ubuntu 22.04, is now supported ✅
Fixed a crash when a CSR doesn't have SANs 💥
Calling mkcert with no arguments only prints the help text 🤫
Pre-built binaries for windows/arm64 and darwin/arm64 🧱
Pre-built binaries are now available at stable URLs like these 🔗
https://dl.filippo.io/mkcert/latest?for=linux/amd64
https://dl.filippo.io/mkcert/v1.4.4?for=windows/arm64
Published by FiloSottile almost 4 years ago
The EKU logic is now simpler, and it follows the following rules:
if -client is used, clientAuth is included
Certificate generation based on CSRs is now consistent with standard certificate generation.
Releases are now built from GitHub Actions.
Published by FiloSottile almost 4 years ago
The Go import path of the module is now filippo.io/mkcert, which should only affect users installing the tool with go get, which was never a recommended installation method.
Published by FiloSottile almost 5 years ago
Note: packagers building from source now need to set the version like -ldflags "-X main.Version=$VERSION"
sudo when necessary to install in system-wide NSS stores (#192)
-version flag (#191)
Published by FiloSottile about 5 years ago
macOS 10.15 Catalina introduced certificate lifespan limits which block mkcert certificates. As a temporary measure, mkcert certificates now have a fixed notBefore date of June 1st, 2019. Once the ACME server is implemented, certificate lifespan will be shortened to 3 months. (#174)
Certificates generated by previous versions of mkcert after July 1st, 2019 will not work on macOS 10.15 Catalina, and will have to be regenerated. The root CA is unaffected and there is no need to rerun mkcert -install.
URL (#166) and email (for S/MIME, #152) SANs are now supported.
Client certificates are now created with a -client filename suffix, and they claim the serverAuth EKU as well as the clientAuth one.
The certificate subject now includes the full user name, like [email protected] (Filippo Valsorda).
SLES, OpenSUSE (#162), Snapcraft (#116), and CentOS 7 (#120) are now supported.
Linux release binaries are now fully static, and will work regardless of the system libc. (#169)
Published by FiloSottile over 5 years ago
🔬 New advanced options:
-ecdsa to generate ECDSA private keys
-client to generate client certificates
-csr to sign certificate signing requests
$TRUST_STORES to select what stores to install into
Also, in other news:
Published by FiloSottile almost 6 years ago
-cert-file, -key-file and -p12-file flags
Published by FiloSottile about 6 years ago
Published by FiloSottile about 6 years ago
Published by FiloSottile about 6 years ago
A round of new supported root stores and formats, all contributions from the community.
Published by FiloSottile about 6 years ago
Earlier versions of mkcert ran into an iOS bug. If you can't see the root in "Certificate Trust Settings", you might have to update mkcert and regenerate the root.
Published by FiloSottile over 6 years ago
Published by FiloSottile over 6 years ago
This release fixes the "certutil -A" issue.
Published by FiloSottile over 6 years ago
mkcert v1 is almost ready. This is a release candidate for testing on Linux.