1. Download mkcert
2. Rename the binary to mkcert and optionally, place it to %PATH%
3. Run .\mkcert -install and consult the Install section for manual Windows Firefox steps
4. Share the CA with any other computers and mobile devices that need it:
   • Computers: https://github.com/FiloSottile/mkcert#installing-the-ca-on-other-systems
   • Mobile devices: https://github.com/FiloSottile/mkcert#mobile-devices
   • Consult the Install section for macOS Safari troubleshooting
5. Generate a certificate for your host name, e.g.: mkcert localhost
6. Configure your web server to use localhost.pem and localhost-key.pem

Follow the guide in the Gist.

mkcert will install the certificate authority to the system and browser trust stores where it can, but there are a few expections:

mkcert doesn't know how to install the certificate authority into the Firefox trust store on Windows, so it needs to be done manually by doing either this:

• Go to about:preferences#privacy
• Scroll to the Certificates section
• Click the View Certificates… button
• Switch to the Authorities tab
• Click the Import… button
• Locate the rootCA.pem file created during mkcert -install
• Check Thurst this CA to authenticate web sites

…or by going to about:config and seting security.enterprise_roots.enabled. This as I understand it will make Firefox also respect the OS trust stores to which mkcert does install the certificate authority on its own.

Safari on macOS can be stubborn when installing a certificate authority from a different machine (and perhaps even from the same machine, who knows). I have found that after copying rootCA.pem from a Windows machine to a macOS machine and placing it to the mkcert -CAROOT path and running mkcert -install, other browsers will happily accept the certificate authority and the certificates generated by that authority on a different machine, but macOS Safari will not. I have not looked further into this because I just don't care about macOS Safari all too much.

The flow to install the certificate on iOS is easy: transfer the PEM over to the device using AirDrop or WhatsApp, download it to the Files app, find and open it in the Files app, confirm the prompt asking to install the profile, go to the Settings app and click the new item which says "Profile downloaded", select the Install option and go through the guide.

After this, you may find Safari will still warn you about the certificate and you might need to go forcefully through using the Visit website link anyway, but afterwards, upon further refreshes, you should find the certificate works perfectly.

const https = require('https');
const fs = require('fs');

https.createServer(
  {
    key: fs.readFileSync('key.pem'),
    cert: fs.readFileSync('cert.pem'),
  },
  (request, response) => {
  
  },
  () => console.log('Running.')
);