starred/mkcert

Fork 0

mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 13:36:02 +03:00

[GH-ISSUE #383] Is it pssible to create ONE certificate to be used by all of my local development? #253

New issue

Open

opened 2026-02-25 22:32:58 +03:00 by kerem · 9 comments

kerem commented

2026-02-25 22:32:58 +03:00

Owner

Originally created by @Nefcanto on GitHub (Jul 16, 2021).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/383

I have a lot of websites and web apps. I'm using .local as my development TLD. For example:

shop.local
user.game.local
api.geo.local
admin.cars.local
investor.brokerage.local
...

This list is not known beforehand, thus I can't use SAN.

But is there possible to create ONE and ONLY ONE general *.* certificate that can be used by all of these local domains?

Originally created by @Nefcanto on GitHub (Jul 16, 2021). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/383 I have a lot of websites and web apps. I'm using `.local` as my development TLD. For example: - shop.local - user.game.local - api.geo.local - admin.cars.local - investor.brokerage.local - ... This list is not known beforehand, thus I can't use SAN. But is there possible to create ONE and ONLY ONE general `*.*` certificate that can be used by all of these local domains?

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@rfay commented on GitHub (Jul 16, 2021):

mkcert -h shows you how to create a cert with many domain names, including wildcards.

$ mkcert example.com myapp.dev localhost 127.0.0.1 ::1
Generate "example.com+4.pem" and "example.com+4-key.pem".

Just list all of your domains there.

@rfay commented on GitHub (Jul 16, 2021): `mkcert -h` shows you how to create a cert with many domain names, including wildcards. > $ mkcert example.com myapp.dev localhost 127.0.0.1 ::1 Generate "example.com+4.pem" and "example.com+4-key.pem". Just list all of your domains there.

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@Nefcanto commented on GitHub (Jul 16, 2021):

Thank you @rfay for answering.

The point is, I don't know the name of the domains. Thus I can't list them there. Does this command work?

mkcert *.*

@Nefcanto commented on GitHub (Jul 16, 2021): Thank you @rfay for answering. The point is, I don't know the name of the domains. Thus I can't list them there. Does this command work? `mkcert *.*`

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@rfay commented on GitHub (Jul 16, 2021):

No, you can't create certs without knowing the names of the domains you're creating the certs for.

I maintain ddev though, that does all this for you on the fly (using mkcert). Maybe that would be an option for you.

But no, you cannot use any tool to create an "Accept-anything" cert. This is about certs and how they work, it's not about mkcert. You'd have to write your own browser and neuter its capabilities to do that. It's called "http" instead of "https".

@rfay commented on GitHub (Jul 16, 2021): No, you can't create certs without knowing the names of the domains you're creating the certs for. I maintain [ddev](https://github.com/drud/ddev) though, that does all this for you on the fly (using mkcert). Maybe that would be an option for you. But no, you cannot use any tool to create an "Accept-anything" cert. This is about certs and how they work, it's not about mkcert. You'd have to write your own browser and neuter its capabilities to do that. It's called "http" instead of "https".

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@Nefcanto commented on GitHub (Jul 16, 2021):

OK, thank you. I understood. There is no possibility for a universal wildcard certificate to be used for development.

This means that I have to automate the certificate creation process somehow so that for each project I won't be required to create a certificate, update the Nginx config file, and create an entry in local DNS.

@Nefcanto commented on GitHub (Jul 16, 2021): OK, thank you. I understood. There is no possibility for a universal wildcard certificate to be used for development. This means that I have to automate the certificate creation process somehow so that for each project I won't be required to create a certificate, update the Nginx config file, and create an entry in local DNS.

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@minecraftchest1 commented on GitHub (Aug 24, 2021):

You could try mkcert *.local. That should do a catch-all for everything under .local tld.

@minecraftchest1 commented on GitHub (Aug 24, 2021): You could try `mkcert *.local`. That should do a catch-all for everything under .local tld.

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@Nefcanto commented on GitHub (Aug 25, 2021):

@minecraftchest1 this is what I got:

Created a new certificate valid for the following names 📜

".local"
Warning: many browsers don't support second-level wildcards like ".local" ⚠️

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.local ℹ️

The certificate is at "/Temp/Local/Certificate.pem" and the key at "/Temp/Local/Key.pem" ✅

It will expire on 25 November 2023 🗓

So, this is not practical.

@Nefcanto commented on GitHub (Aug 25, 2021): @minecraftchest1 this is what I got: > Created a new certificate valid for the following names 📜 > - "*.local" > Warning: many browsers don't support second-level wildcards like "*.local" ⚠️ > > Reminder: X.509 wildcards only go one level deep, so this won't match a.b.local ℹ️ > > The certificate is at "/Temp/Local/Certificate.pem" and the key at "/Temp/Local/Key.pem" ✅ > > It will expire on 25 November 2023 🗓 So, this is not practical.

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@gaby commented on GitHub (Sep 18, 2021):

This is not doable, you csn close the issue.

@gaby commented on GitHub (Sep 18, 2021): This is not doable, you csn close the issue.

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@harryqt commented on GitHub (Aug 4, 2022):

You could try mkcert *.local. That should do a catch-all for everything under .local tld.

This doesn’t work.

@harryqt commented on GitHub (Aug 4, 2022): > You could try `mkcert *.local`. That should do a catch-all for everything under .local tld. This doesn’t work.

kerem commented

2026-02-25 22:32:58 +03:00

Author

Owner

@renatofrota commented on GitHub (Feb 11, 2024):

You can create a cert for *.dev.localhost. It works and should resolve internally.

app1.dev.localhost
app2.dev.localhost
etc...

will be all covered.

you can use anything else instead dev if you prefer. it is there just to make a 3rd level wildcard (instead a 2nd level one) and get accepted by browsers.

@renatofrota commented on GitHub (Feb 11, 2024): You can create a cert for `*.dev.localhost`. It works and should resolve internally. app1.dev.localhost app2.dev.localhost etc... will be all covered. you can use anything else instead `dev` if you prefer. it is there just to make a 3rd level wildcard (instead a 2nd level one) and get accepted by browsers.