starred/mkcert

Fork 0

mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00

[GH-ISSUE #42] Windows Support #21

New issue

Closed

opened 2026-02-25 22:32:23 +03:00 by kerem · 8 comments

kerem commented

2026-02-25 22:32:23 +03:00

Owner

Originally created by @klauern on GitHub (Jul 7, 2018).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/42

I know it's mentioned in the README that this support is coming soon, but I'd like to correlate it to an issue that can be tracked. :)

Originally created by @klauern on GitHub (Jul 7, 2018). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/42 I know it's mentioned in the [README](https://github.com/FiloSottile/mkcert#installation) that this support is coming soon, but I'd like to correlate it to an issue that can be tracked. :)

kerem

2026-02-25 22:32:23 +03:00

closed this issue
added the
enhancement

help wanted
labels

kerem commented

2026-02-25 22:32:23 +03:00

Author

Owner

@sebdeckers commented on GitHub (Jul 11, 2018):

Here is the Windows solution to entrust certificates in the OS store:
https://gitlab.com/sebdeckers/tls-keygen/blob/master/index.js#L202-224

Should be easy for someone to port this over to Golang.

Just found out about mkcert. Half a year ago I implemented a similar tool using Node.js for Mac/Lin/Win.

🗝 tls-keygen

NPM: tls-keygen
Code: GitLab.com/sebdeckers/tls-keygen

@sebdeckers commented on GitHub (Jul 11, 2018): Here is the Windows solution to entrust certificates in the OS store: https://gitlab.com/sebdeckers/tls-keygen/blob/master/index.js#L202-224 Should be easy for someone to port this over to Golang. Just found out about mkcert. Half a year ago I implemented a similar tool using Node.js for Mac/Lin/Win. 🗝 `tls-keygen` - NPM: [tls-keygen](https://www.npmjs.com/package/tls-keygen) - Code: [GitLab.com/sebdeckers/tls-keygen](https://gitlab.com/sebdeckers/tls-keygen)

kerem commented

2026-02-25 22:32:23 +03:00

Author

Owner

@cretz commented on GitHub (Jul 11, 2018):

Alternatively you can use crypt32.dll, see this reference. Specifically, you can probably call CertAddEncodedCertificateToSystemStoreA with "ROOT" and the raw cert bytes (ASN I would guess).

Edit: I'll probably just make a PR for this functionality

@cretz commented on GitHub (Jul 11, 2018): Alternatively you can use `crypt32.dll`, see [this reference](https://docs.microsoft.com/en-us/windows/desktop/seccrypto/managing-a-certificate-store-state). Specifically, you can probably call [CertAddEncodedCertificateToSystemStoreA](https://docs.microsoft.com/en-us/windows/desktop/api/Wincrypt/nf-wincrypt-certaddencodedcertificatetosystemstorea) with "ROOT" and the raw cert bytes (ASN I would guess). Edit: I'll probably just make a PR for this functionality

kerem commented

2026-02-25 22:32:23 +03:00

Author

Owner

@cretz commented on GitHub (Jul 11, 2018):

Done, ref #46. I signed the CLA too.

@cretz commented on GitHub (Jul 11, 2018): Done, ref #46. I signed the CLA too.

kerem commented

2026-02-25 22:32:23 +03:00

Author

Owner

@JacobDB commented on GitHub (Jul 17, 2018):

Having this work with WSL, and not just CMD would be awesome. Not sure how that would work interfacing between the Linux environment and Windows though.

@JacobDB commented on GitHub (Jul 17, 2018): Having this work with [WSL](https://docs.microsoft.com/en-us/windows/wsl/about), and not just CMD would be awesome. Not sure how that would work interfacing between the Linux environment and Windows though.

kerem commented

2026-02-25 22:32:23 +03:00

Author

Owner

@adamdecaf commented on GitHub (Jul 17, 2018):

Doesn't WSL (with Ubuntu) use the Ubuntu certificate store filepath? IIRC there was nothing windows specific when I tried it.

@adamdecaf commented on GitHub (Jul 17, 2018): Doesn't WSL (with Ubuntu) use the Ubuntu certificate store filepath? IIRC there was nothing windows specific when I tried it.

kerem commented

2026-02-25 22:32:23 +03:00

Author

Owner

@cretz commented on GitHub (Jul 17, 2018):

It all comes down to how it's compiled. If it's compiled with Linux Go in WSL, when run it will do the Linux thing. If it's compiled with Windows Go, it will do the Windows thing. Do in theory, due to the fact that WSL can execute Windows .exes, you can download/have two mkcert executables callable in WSL, one that does a Linux thing and one that does a Windows thing :-)

Note, it does not appear that WSL and Windows share root stores. There is this question out there: https://github.com/Microsoft/WSL/issues/3161

@cretz commented on GitHub (Jul 17, 2018): It all comes down to how it's compiled. If it's compiled with Linux Go in WSL, when run it will do the Linux thing. If it's compiled with Windows Go, it will do the Windows thing. Do in theory, due to the fact that WSL can execute Windows `.exe`s, you can download/have two `mkcert` executables callable in WSL, one that does a Linux thing and one that does a Windows thing :-) Note, it does not appear that WSL and Windows share root stores. There is this question out there: https://github.com/Microsoft/WSL/issues/3161

kerem commented

2026-02-25 22:32:23 +03:00

Author

Owner

@Geczy commented on GitHub (Jul 29, 2018):

Any updaet

@Geczy commented on GitHub (Jul 29, 2018): Any updaet

kerem commented

2026-02-25 22:32:23 +03:00

Author

Owner

@2PintChristianN commented on GitHub (Sep 9, 2025):

Noticed that the binary is not signed on windows, which makes windows defender less than happy :/ Borderline bug in our situation.

@2PintChristianN commented on GitHub (Sep 9, 2025): Noticed that the binary is not signed on windows, which makes windows defender less than happy :/ Borderline bug in our situation.

kerem referenced this issue

2026-02-25 22:33:16 +03:00

[PR #26] [CLOSED] added simple flag to print the CAROOT var #360