Is mkcert safe to use?

This page summarizes the projects mentioned and recommended in the original post on /r/selfhosted

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • mkcert

    A simple zero-config tool to make locally trusted development certificates with any names you'd like.

    It kinda looks like, if the mkcert repo (or brew package) were to be compromised, an attacker could pretty easily cause your system (and every other system that subsequently uses mkcert) to trust any certificate they wanted, or literally do anything they pleased. mkcert will ask for your credentials to be able to trust the CA; but there's no guarantee the script is using those credentials for good.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts