mkcert

mkcert creates a local certificate authority and issues locally trusted TLS certificates for development hosts, localhost names, and other local endpoints. It is built to remove the manual trust-store and OpenSSL ceremony that usually makes local HTTPS setup tedious.

• Generate trusted certificate and key files for localhost, custom domains, wildcards, IP addresses, email identities, or URI SANs during local development.
• Install or uninstall the local CA in system, NSS browser, and Java trust stores so local apps and browsers accept those certificates without warnings.
• Issue client-auth, CSR-based, ECDSA, or PKCS#12 certificates and control CA location or output paths for repeatable dev-environment setup scripts.

• The command surface is small and flag-driven, so agents can reliably run -install, -uninstall, -CAROOT, or certificate issuance commands inside local bootstrap workflows.
• Output is plain text only, which is fine for file-producing setup steps but weaker for parsing or state inspection than CLIs with real JSON output.
• Best used as a local development primitive around app setup and HTTPS verification, not as a general certificate-management interface for remote infrastructure.

• -install changes local trust stores and may require sudo, certutil, or keytool depending on platform and browser setup.
• The generated rootCA-key.pem is sensitive and the project is explicitly intended for development rather than production certificate workflows.