mkcert - No config certificate authority tool


mkcert is a Go project that makes it very easy to set up a certificate authority without any configuration. Certificates are unavoidable these days, because data should be transferred over a secure communication channel. Buying a certificate is expensive, and companies mostly buy certificates only for production systems. In a dev setup, using a self-signed certificate causes trust errors. mkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates.


Installation

Follow the steps below to set up the certificate authority.

The mkcert tool can be downloaded directly from the GitHub project as shown below:


curl -o mkcert -L \
    'https://github.com/FiloSottile/mkcert/releases/download/v1.1.0/mkcert-v1.1.0-linux-amd64'


On the releases page, downloads are available for Windows, macOS and Linux. Make the mkcert file executable:

chmod +x mkcert

 

Install mkcert on your box:

./mkcert -install

 

Once installed, the certificate and private key of the certificate authority are available in the mkcert root path. The mkcert root path can be found with the command below:

./mkcert -CAROOT

 

Run mkcert to generate a certificate and key from the installed CA for the host names given in the command. The certificate and key are written to the current directory with names based on the hostnames, like localhost.pem and localhost-key.pem, and similarly for 127.0.0.1.

./mkcert localhost 127.0.0.1

 

Let's verify how it works

The certificate authority is now available in your trusted certificate authority store. This can be verified by checking the following path:

cd /etc/ssl/certs/
ls | grep -i mkcert

Start a server in SSL mode to get HTTPS connectivity. Here we use Node.js to start a simple server. Install http-server (prerequisite: npm and Node.js must be installed).

 npm install -g http-server

Start the HTTP server with the port and the SSL options, passing the generated certificate (localhost.pem) and key (localhost-key.pem).

 http-server -p 8080 --ssl --cert localhost.pem --key localhost-key.pem

Now opening the URL (https://localhost:8080) in a browser or with the curl command shows a page with a text message saying the server is running on this port. If the server is started with a self-signed cert, the browser shows it as insecure.

mkcert creates a certificate authority root certificate and key which has a chain of certificate authority linked to the Let's Encrypt certificate authority. The Let's Encrypt certificate authority is a free, automated and open source certificate authority. It will be the intermediate chain of trust for the certificate authority installed by mkcert. It automatically renews the CA certificate and updates the certificate authority store. To know more about Let's Encrypt, please refer to https://letsencrypt.org/docs/

The certificate authority that issues end-entity certificates is installed when mkcert is installed. When mkcert runs with host names, it generates the private key and creates the certificate from the locally installed CA. This certificate is used when the server starts in SSL mode. When a client accesses the server, this certificate is presented to the client, which in turn verifies the certificate authority named in the presented certificate. That certificate authority is the one installed by mkcert and available in the certificate trust store, so the handshake succeeds.

This works well for local development, integration and security testing. With a self-signed certificate, the certificate exception has to be accepted or ignored in automated integration testing or security testing.

Use the CA on multiple machines?

The certificate authority is a security aspect that doesn't depend on the platform. The same CA can also be used on Mac / mobile / tablet devices. The root CA can be copied to the trust store of other machines and mkcert run there, so that it is a common CA for multiple machines. This might help a distributed system have a common CA instead of a CA for each node.

Reference:

https://github.com/FiloSottile/mkcert

 



Nagappan is a techie-geek and a full-stack senior developer with 10+ years of experience in both front-end and back-end. He has experience with front-end web technologies like HTML, CSS, JavaScript and Angular, and is an expert in Java and related frameworks like Spring, Struts, EJB and RESTEasy. He holds a bachelor's degree in computer science and is very passionate about learning new technologies.
