[GH-ISSUE #210] Can I use it on the LAN network? #137

Closed
opened 2026-02-25 22:32:42 +03:00 by kerem · 3 comments

Originally created by @chaihongjun on GitHub (Oct 23, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/210

There is a server (IP: 192.168.0.222) in the LAN. I have configured it with the LAN DNS service (dnsmasq), and this server is also doing Web services. Now I want to install mkcert on it, as a CA certificate organization. Will it work?

kerem closed this issue and added the question label 2026-02-25 22:32:42 +03:00

@rfay commented on GitHub (Oct 23, 2019):

A cert verifies the domain name, not any IP address. The verification happens in your browser or other client, though.

However, you seem to be talking about generating certs on a server and trying to trust them on clients. That will require you to have the clients trust the CA. See https://github.com/FiloSottile/mkcert/blob/master/README.md#installing-the-ca-on-other-systems for a general approach.

What we do is essentially:

  • Install CA on server and clients
  • Run mkcert -install on server
  • Copy that CA to clients per the readme and mkcert -install it on the clients
  • Now certs generated on the server are trusted by the clients.
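
An added example (not part of the original thread or the mkcert project's own code) of the CA distribution step described in the comment above: it stages only the public `rootCA.pem` for the clients and checks its digest before the client trusts it. The directory names and the host `client` are assumptions; `mkcert -CAROOT`, `$CAROOT` and `mkcert -install` are the mechanisms the linked README section describes.

```shell
#!/bin/sh
# Added example: stage only the public mkcert root CA for LAN clients.
set -eu

# SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# stage_public_ca CAROOT_DIR OUT_DIR
# Copies rootCA.pem only and prints its digest. rootCA-key.pem can sign a
# certificate for any name the trusting clients will accept, so it stays put.
stage_public_ca() {
  ca_src=$1; ca_out=$2
  [ -f "$ca_src/rootCA.pem" ] || { echo "no rootCA.pem in $ca_src" >&2; return 1; }
  mkdir -p "$ca_out"
  # Refuse a staging directory that already holds the key (or is CAROOT itself).
  if [ -e "$ca_out/rootCA-key.pem" ]; then
    echo "rootCA-key.pem present in $ca_out, refusing" >&2; return 1
  fi
  cp "$ca_src/rootCA.pem" "$ca_out/rootCA.pem"
  # Catch a bundle file that has the private key appended to the certificate.
  if grep -q 'PRIVATE KEY' "$ca_out/rootCA.pem"; then
    rm -f "$ca_out/rootCA.pem"
    echo "private key material in rootCA.pem, refusing" >&2; return 1
  fi
  file_sha256 "$ca_out/rootCA.pem"
}

# verify_staged_ca DIR EXPECTED_SHA256: run on the client before trusting.
verify_staged_ca() {
  [ "$(file_sha256 "$1/rootCA.pem")" = "$2" ]
}

# Usage (ca-export, ca and the host "client" are placeholders; pass the
# digest to the client separately from the file):
#   server$ digest=$(stage_public_ca "$(mkcert -CAROOT)" ./ca-export)
#   server$ scp ./ca-export/rootCA.pem client:ca/
#   client$ verify_staged_ca ./ca "$digest" && CAROOT="$PWD/ca" mkcert -install
```
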

@i300220 commented on GitHub (Jan 17, 2021):

What if the client is Windows XP? I know it's obsolete but I still use it on one dedicated computer. Your amd64 mkcert won't work there. I tried to put the cert in %Appdata%/mkcert but don't know whether or not it's enough.

Second question. What if I have 2 servers on my LAN and I want to generate certs for both (could be identical, I don't care) and use the cert(s) on the LAN clients?

Your method works well for 1 server actually. I'm not keen to experiment with 2 servers. Hence my question.

Best regards, and thanks for that awesome tool. It's a long-time need. In fact, who is the best to certify a certificate if not oneself? Certainly not greedy companies that keep your key for a fee on top of that. It's a LAN.

Best!


@maxsyst commented on GitHub (Dec 11, 2025):

Hello world, can anyone use something like "https://192.168.101.2" and get the green tag when visiting the service?
