DEV Community


Posted on


Custom SSL Certificates for Your Dev Environment

This article will explain how to setup a SSL certificate for all your HTTPS development needs.

Note: This is for development environments ONLY!

We will explore how to setup a certificate, tell our computer to trust it, how to use it in a basic NodeJS server, and how to delete the certificate from our trust store after we are done.

Step 1 (Installation)

We will be using a tool called mkcert:


Via Chocolatey:

choco install mkcert
Enter fullscreen mode Exit fullscreen mode

Via Scoop

scoop bucket add extras
scoop install mkcert
Enter fullscreen mode Exit fullscreen mode


Via Brew

brew install mkcert
Enter fullscreen mode Exit fullscreen mode

and (Firefox)

brew install nss
Enter fullscreen mode Exit fullscreen mode

Other installation methods for macOS and Linux are on the mkcert github repo

Step 2 (Create the certificate)

The following command will create 2 files depending on your input

mkcert %your-domain-here%
Enter fullscreen mode Exit fullscreen mode

Replace %your-domain-here% with the domain you would like to secure for your computer. As we are going to be using this for development, I shall use localhost as such:

mkcert localhost
Enter fullscreen mode Exit fullscreen mode

For my command, the following 2 files were created:

files for localhost
That's it! Its as simple as that for creating the certificate.

Step 3 (Trusting the certificate)

Time to tell our computer that our certificate is alright to trust!

In the same directory as both of your files, run the following command regardless of your domain:

mkcert -install
Enter fullscreen mode Exit fullscreen mode

On Windows, mkcert will kindly warn us of the danger:

Windows warning
The redacted information will be specific to your computer.

Done! Now our computer has no problem whatsoever with our certificate.

Step 4 (Using it!)

The following implementation is in NodeJS and uses the Express framework.

The following code will sum up exactly what we need:

const express = require('express');

const https = require('https');
const fs = require('fs');
const path = require('path');

const certificate = {
    key: fs.readFileSync(path.resolve('./localhost-key.pem')),
    cert: fs.readFileSync(path.resolve('./localhost.pem'))

const app = express();

app.get('/', function (req, res) {
    res.end('Am I secure?');

const server = https.createServer(certificate, app);

server.listen(443, () => {
    console.log('HTTPS server is UP! https://localhost/');
Enter fullscreen mode Exit fullscreen mode

Run this server:

node server.js
Enter fullscreen mode Exit fullscreen mode

We are officially using
HTTPS in a development environment!

You should be able to go to localhost and see that beautiful lock.
HTTPS Secure Lock

After every development session, I highly suggest you tell the computer to not trust the certificate just in case the certificate is accidently pushed to Git or the project is abandoned because we do not want to leave random certificates trusted.

The command to remove the certificate from the trust store is as below regardless of your domain:

mkcert -uninstall
Enter fullscreen mode Exit fullscreen mode

NOTE: I had to restart my browser for the certificate to not be trusted

Well, that's it for SSL certificates for development. This is my first article so I hope this helped someone. I can be contacted at Check out my github profile.

Bye! ✌

Top comments (0)

The JavaScript Brief

Dive into the world of JavaScript with these three trendworthy articles that you cannot miss this week!

7 JavaScript Web APIs to build Futuristic Websites you didn't know

Explore the world of overlooked Web APIs that can bring your next project to new heights πŸŒ•πŸš€. Some of the best Web APIs include Screen Capture API, Clipboard API and Web Workers API. Get informed and cast a glance at some of the future stars of web development.

10 GitHub Repositories You Should Know as a JavaScript Developer

Elevate your skills as a JavaScript developer with these 10 top GitHub repositories. Ranging from NodeJS best practices to diverse libraries and collections, these repositories are a must-know for any dedicated JS dev.

20 Killer JavaScript One-Liners That’ll Save You Hours of Coding

Multiply your coding agility with 20 essential JavaScript one-liners πŸš€ that save both time and energy when developing. Discover amazing one-liners for finding max value in an array, capitalizing the first letter of a phrase, generate secure ID, among many others.

Get inspired, and level up your JavaScript game with this week's top reads! πŸŽ’πŸ§—