One of the biggest problems that web developers face is to run a website on their local machines under https. Using OpenSSL to generate a certificate for localhost does not work because most browsers do not accept self-signed certificates.
mkcert is a life-saver in this case. What it does is that it creates its own authority which certifies the SSL certificate. Of course this only works if you are using the domain in your local system and not on a public server.
We will see how to setup mkcert on Ubuntu, such that sites hosted on Apache webserver can then be run on https locally.
First we install the Network Security Service tools package using
sudo apt install lib-nss3-tools
mkcert uses the brew installer for installation, so we need to install brew using
sudo apt install linuxbrew-wrapper
We install mkcert by typing
brew install mkcert
After installation the location of mkcert will be in
We will now create the local Certificate Authority (CA) installed in the trust store:
Now we create the SSL for a domain that you are using locally on the system eg.mysite.test
Two files will be created in the current folder:
1.mysite.test.pem which is the certificate file
2.mysite.test-key.pem which is the key file
Now these two files can be used in Apache to run the domain under SSL
We first enable the ssl-mod for Apache:
sudo a2enmod ssl
sudo systemctl restart apache2
We have to configure the target domain to work with the new certificate files.
cp default-ssl.conf mysite.test.conf
Open mysite.test.conf in an editor and make the following changes:
DocumentRoot <whatever the root folder is>
Save the file
Enable the site :
sudo a2ensite mysite.test.conf
sudo systemctl reload apache2
Make sure that there is an entry for mysite.test in /etc/hosts
Now you should be able to open https://mysitetest.conf