starred/mkcert
1
0
Fork 0
mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00
Code Issues 165 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #208] How does one completely uninstall this library? #135

New issue
Closed
opened 2026-02-25 22:32:41 +03:00 by kerem · 19 comments
kerem commented 2026-02-25 22:32:41 +03:00
Owner
Copy link

Originally created by @SHxKM on GitHub (Oct 13, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/208

Thanks for the useful library, however I'd like to uninstall it + remove this:

Warning: the rootCA-key.pem file that mkcert automatically generates gives complete power to intercept secure requests from your machine. Do not share it.

Where is rootCA-key.pem?

Originally created by @SHxKM on GitHub (Oct 13, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/208 Thanks for the useful library, however I'd like to uninstall it + remove this: > Warning: the rootCA-key.pem file that mkcert automatically generates gives complete power to intercept secure requests from your machine. Do not share it. Where is `rootCA-key.pem`?
kerem 2026-02-25 22:32:41 +03:00
  • closed this issue
  • added the
    question
         label
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@rfay commented on GitHub (Oct 13, 2019):

mkcert -uninstall will remove the root CA from your browser and system
rm -r "$(mkcert -CAROOT)" will then remove the root CA from your home directory.
Then you can remove mkcert however you installed it. Probably just rm $(which mkcert)

<!-- gh-comment-id:541457624 --> @rfay commented on GitHub (Oct 13, 2019): `mkcert -uninstall` will remove the root CA from your browser and system `rm -r "$(mkcert -CAROOT)"` will then remove the root CA from your home directory. Then you can remove mkcert however you installed it. Probably just `rm $(which mkcert)`
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@FiloSottile commented on GitHub (Oct 13, 2019):

Indeed, the mkcert -uninstall step is the important one, as it makes rootCA-key.pem powerless.

<!-- gh-comment-id:541458306 --> @FiloSottile commented on GitHub (Oct 13, 2019): Indeed, the `mkcert -uninstall` step is the important one, as it makes `rootCA-key.pem` powerless.
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@SHxKM commented on GitHub (Oct 13, 2019):

@FiloSottile If I did brew uninstall mkcert and then sudo find / -name rootCA-key.pem, and deleted mkcert's folder from Application Support, am I set?

<!-- gh-comment-id:541458493 --> @SHxKM commented on GitHub (Oct 13, 2019): @FiloSottile If I did `brew uninstall mkcert` and then `sudo find / -name rootCA-key.pem`, and deleted `mkcert`'s folder from Application Support, am I set?
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@FiloSottile commented on GitHub (Oct 16, 2019):

No, if you didn't run mkcert -uninstall the certificate is still trusted by your system. (This is only a problem if anyone obtained a copy of rootCA-key.pem.) Unfortunately if you deleted the whole mkcert folder mkcert -uninstall won't work now, so you have to remove the certificate manually from Keychain Access, as well as from the Firefox root store.

<!-- gh-comment-id:542746722 --> @FiloSottile commented on GitHub (Oct 16, 2019): No, if you didn't run `mkcert -uninstall` the certificate is still trusted by your system. (This is only a problem if anyone obtained a copy of `rootCA-key.pem`.) Unfortunately if you deleted the whole mkcert folder `mkcert -uninstall` won't work now, so you have to remove the certificate manually from Keychain Access, as well as from the Firefox root store.
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@rfay commented on GitHub (Oct 16, 2019):

Actually it's easier than that I think... Just mkcert -iinstall again and then mkcert -uninstall

<!-- gh-comment-id:542800244 --> @rfay commented on GitHub (Oct 16, 2019): Actually it's easier than that I think... Just `mkcert -iinstall` again and then `mkcert -uninstall`
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@FiloSottile commented on GitHub (Oct 17, 2019):

No, that will make a new root, and then uninstall that new one, not the previous one.

It's so you can have multiple independent CAROOTs.

<!-- gh-comment-id:543336628 --> @FiloSottile commented on GitHub (Oct 17, 2019): No, that will make a new root, and then uninstall that new one, not the previous one. It's so you can have multiple independent CAROOTs.
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@felipevalois commented on GitHub (May 2, 2021):

@FiloSottile I have tried all of the above but the certificate still keeps showing up. What should I do?

<!-- gh-comment-id:830730269 --> @felipevalois commented on GitHub (May 2, 2021): @FiloSottile I have tried all of the above but the certificate still keeps showing up. What should I do?
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@npivaut commented on GitHub (Nov 2, 2022):

mkcert -uninstall will remove the root CA from your browser and system rm -r "$(mkcert -CAROOT)" will then remove the root CA from your home directory. Then you can remove mkcert however you installed it. Probably just rm $(which mkcert)

Thanks :)

<!-- gh-comment-id:1301421938 --> @npivaut commented on GitHub (Nov 2, 2022): > `mkcert -uninstall` will remove the root CA from your browser and system `rm -r "$(mkcert -CAROOT)"` will then remove the root CA from your home directory. Then you can remove mkcert however you installed it. Probably just `rm $(which mkcert)` Thanks :)
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@RoniWasHere commented on GitHub (Jan 31, 2023):

I can't get rid of this !

Chrome is not "forgetting" this certificate no matter what!

I've removed with mkcert -uninstall
I did rm -r "$(mkcert -CAROOT)"
I did brew remove mkcert

And still, chrome thinks my local domain is not working because of this

Screenshot 2023-01-31 at 17 15 38

<!-- gh-comment-id:1410575542 --> @RoniWasHere commented on GitHub (Jan 31, 2023): I can't get rid of this ! Chrome is not "forgetting" this certificate no matter what! I've removed with `mkcert -uninstall` I did `rm -r "$(mkcert -CAROOT)"` I did `brew remove mkcert` And still, chrome thinks my local domain is not working because of this ![Screenshot 2023-01-31 at 17 15 38](https://user-images.githubusercontent.com/121748797/215800287-89137ca5-d017-43f4-a10d-fe6e46be934f.png)
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@rfay commented on GitHub (Jan 31, 2023):

All the things you did uninstall the CA, not the cert. You seem to have a certificate installed somewhere, even though you deleted the CA. Remove the cert and key from whatever webserver is serving this.

<!-- gh-comment-id:1410586877 --> @rfay commented on GitHub (Jan 31, 2023): All the things you did uninstall the CA, not the cert. You seem to have a certificate installed somewhere, even though you deleted the CA. Remove the cert and key from whatever webserver is serving this.
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@RoniWasHere commented on GitHub (Jan 31, 2023):

The site is in docker, I've replaced the certificates with REAL ONES from Let's Encrypt, from a working server.

<!-- gh-comment-id:1410596599 --> @RoniWasHere commented on GitHub (Jan 31, 2023): The site is in docker, I've replaced the certificates with REAL ONES from Let's Encrypt, from a working server.
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@rfay commented on GitHub (Jan 31, 2023):

You haven't quite succeeded yet in replacing the certs.

<!-- gh-comment-id:1410635065 --> @rfay commented on GitHub (Jan 31, 2023): You haven't quite succeeded yet in replacing the certs.
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@RoniWasHere commented on GitHub (Jan 31, 2023):

I have removed all the generated cert files, rebuilt the dockerfile, pruned all volumes.
want to point out suggestions instead of telling useless comments?

<!-- gh-comment-id:1410895220 --> @RoniWasHere commented on GitHub (Jan 31, 2023): I have removed all the generated cert files, rebuilt the dockerfile, pruned all volumes. want to point out suggestions instead of telling useless comments?
kerem commented 2026-02-25 22:32:41 +03:00
Author
Owner
Copy link

@rfay commented on GitHub (Jan 31, 2023):

I'm just telling you that your webserver is still using a cert that you don't want it to use. This is a problem with your configuration. I understand that you think you've taken care of it, but you haven't. I can't help you beyond that. I won't reply any further.

Note that if you build certs into your Docker image you may be making a big mistake security-wise.

<!-- gh-comment-id:1410967803 --> @rfay commented on GitHub (Jan 31, 2023): I'm just telling you that your webserver is still using a cert that you don't want it to use. This is a problem with your configuration. I understand that you think you've taken care of it, but you haven't. I can't help you beyond that. I won't reply any further. Note that if you build certs into your Docker image you may be making a big mistake security-wise.
kerem commented 2026-02-25 22:32:42 +03:00
Author
Owner
Copy link

@RoniWasHere commented on GitHub (Feb 1, 2023):

@rfay

Note that if you build certs into your Docker image you may be making a big mistake security-wise.

Why on earth would you think that I'm doing it? all I did, was install mkcert on my mac, generated a certificate for my local website - put it in a VOLUME so that nginx container can use it to serve the site to the browser. that's it.

I'm using the basic nginx:latest tag - no creating my own image.

<!-- gh-comment-id:1411590252 --> @RoniWasHere commented on GitHub (Feb 1, 2023): @rfay > Note that if you build certs into your Docker image you may be making a big mistake security-wise. Why on earth would you think that I'm doing it? all I did, was install mkcert on my mac, generated a certificate for my local website - put it in a VOLUME so that nginx container can use it to serve the site to the browser. that's it. I'm using the basic `nginx:latest` tag - no creating my own image.
kerem commented 2026-02-25 22:32:42 +03:00
Author
Owner
Copy link

@nickretallack commented on GitHub (Nov 21, 2023):

I'm having issues with this as well. How do you delete a cert that was installed with mkcert? On Mac OS. Chrome still seems to be trying to use SSL when it's not there.

<!-- gh-comment-id:1821705051 --> @nickretallack commented on GitHub (Nov 21, 2023): I'm having issues with this as well. How do you delete a cert that was installed with mkcert? On Mac OS. Chrome still seems to be trying to use SSL when it's not there.
kerem commented 2026-02-25 22:32:42 +03:00
Author
Owner
Copy link

@rfay commented on GitHub (Nov 22, 2023):

mkcert -install installs a CA (Certificate Authority). It does not install certificates. You can create certificates with it and you could use those various ways.

If you want to remove the CA, you would do mkcert -uninstall and then optionally remove the directory shown by mkcert -CAROOT. If you have created certs and then used them somewhere, you just have to sort that out.

<!-- gh-comment-id:1821923299 --> @rfay commented on GitHub (Nov 22, 2023): `mkcert -install` installs a CA (Certificate Authority). It does not install certificates. You can *create* certificates with it and you could use those various ways. If you want to remove the CA, you would do `mkcert -uninstall` and then optionally remove the directory shown by `mkcert -CAROOT`. If you have created certs and then used them somewhere, you just have to sort that out.
kerem commented 2026-02-25 22:32:42 +03:00
Author
Owner
Copy link

@monty62 commented on GitHub (Nov 22, 2023):

Thank you for what you do and Happy Thanksgiving

On Tue, Nov 21, 2023, 4:55 PM Randy Fay @.***> wrote:

mkcert -install installs a CA (Certificate Authority). It does not
install certificates. You can create certificates with it and you could
use those various ways.

If you want to remove the CA, you would do mkcert -uninstall and then
optionally remove the directory shown by mkcert -CAROOT. If you have
created certs and then used them somewhere, you just have to sort that out.


Reply to this email directly, view it on GitHub
https://github.com/FiloSottile/mkcert/issues/208#issuecomment-1821923299,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ABSQW6DWRXIHMBRM2IMBLOTYFVEPPAVCNFSM4JAHRA32U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBSGE4TEMZSHE4Q
.
You are receiving this because you are subscribed to this thread.Message
ID: @.***>

<!-- gh-comment-id:1821974983 --> @monty62 commented on GitHub (Nov 22, 2023): Thank you for what you do and Happy Thanksgiving On Tue, Nov 21, 2023, 4:55 PM Randy Fay ***@***.***> wrote: > mkcert -install installs a CA (Certificate Authority). It does not > install certificates. You can *create* certificates with it and you could > use those various ways. > > If you want to remove the CA, you would do mkcert -uninstall and then > optionally remove the directory shown by mkcert -CAROOT. If you have > created certs and then used them somewhere, you just have to sort that out. > > — > Reply to this email directly, view it on GitHub > <https://github.com/FiloSottile/mkcert/issues/208#issuecomment-1821923299>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/ABSQW6DWRXIHMBRM2IMBLOTYFVEPPAVCNFSM4JAHRA32U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBSGE4TEMZSHE4Q> > . > You are receiving this because you are subscribed to this thread.Message > ID: ***@***.***> >
kerem commented 2026-02-25 22:32:42 +03:00
Author
Owner
Copy link

@Baluditor commented on GitHub (Mar 21, 2024):

For anyone having this problem, follow these instructions. This is the missing step here (at least it was for me).

<!-- gh-comment-id:2011645527 --> @Baluditor commented on GitHub (Mar 21, 2024): For anyone having this problem, follow these [instructions](https://www.codeproject.com/Articles/1010667/SSL-Connection-Error-When-Debugging-via-Localhost). This is the missing step here (at least it was for me).
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.1
v1.0.0
v0.9.1
v0.9.0
Labels
Clear labels   
TLS stack issue

   
Windows

   
bug

   
duplicate

   
duplicate

   
enhancement

   
help wanted

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
root store

   
waiting for info
No labels
TLS stack issue
Windows
bug
duplicate
duplicate
enhancement
help wanted
help wanted
pull-request
question
question
root store
waiting for info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/mkcert#135
No description provided.