labs / tiddlers / content / labs / lab13 / _Labs_13_Install mkcert CA
  1. Download a copy of mkcert from:

    • Windows users should download mkcert-v1.4.3-windows-amd64.exe
    • Linux users should download mkcert-v1.4.3-linux-amd64
    • Mac (Intel CPU) should download mkcert-v1.4.3-darwin-amd64
    • Mac (M1 ARM CPU) should download mkcert-v1.4.3-darwin-m1 from the labs section of Blackboard. We have created a build for your CPU, but we don't have an M1 Mac to test it with. If you do get this working on an M1 then let us know.
  2. Create an mkcert folder in your <> folder. Copy the mkcert file that you downloaded into this folder.

  3. Rename the file that you copied to mkcert to make it easier to type into a terminal since mkcert is a terminal application.

  4. Open the <> folder in a terminal.

  5. Generate and install the CA certificate using the following command.

    Windows Users (via PowerShell)

    $env:CAROOT = pwd; $env:TRUST_STORES = 'system'; .\mkcert.exe -install

    Mac Users

    chmod u+x mkcert
    CAROOT=$(pwd) TRUST_STORES=system ./mkcert -install

    Mac users may need to jump through the usual hoops with the Security & Privacy settings to run the command.

    Linux Users

    chmod u+x mkcert
    CAROOT=$(pwd) TRUST_STORES=system,nss ./mkcert -install

    The chmod command is needed (Mac/Linux only) since the file is not currently executable. This adds the executable mode to the file.

    Leave the terminal window open since we will be using it again very soon.

  6. You should see two new files in the mkcert folder. These are the new CA certificate and the private key for the certificate.

  7. Restart your web browser so that it will pick up the new CA certificate.

  8. You can check if the new CA certificate has been added to your system as follows:


    Run certmgr.msc. You should see the mkcert certificate under <


    Note that Firefox is not currently supported by mkcert under Windows, so you will need to use Chrome (or one of the Chrome derivatives) for the remainder of this exercise.


    ls -l /etc/ssl/certs/mkcert*

    You can also check the certificates in Chrome by entering the following into the location bar:


    Look in the <

    > tab. You should find org-mkcert development CA in the list.


    Use the 'Keychain Access' application. Search for mkcert.