Configure TLS
This guide walks you through setting up local Certificate Authority (CA) certificates for development environments.
Install mkcert
First, install mkcert and its dependencies:
macOS

```bash
brew install mkcert
brew install nss # if you use Firefox
```

Linux

```bash
sudo apt install libnss3-tools
sudo apt install mkcert
```
Create and Install Local CA
- Create and install the local CA in the system trust store:

```bash
mkcert -install
```

The CA files will be stored in:
- macOS: `~/Library/Application Support/mkcert`
- Linux: `~/.local/share/mkcert`
- Generate certificates:

```bash
# Create certificates for localhost
mkcert localhost
# This will generate:
# - localhost.pem (certificate)
# - localhost-key.pem (private key)
```
- Find your root CA files:

```bash
# Show the location of your root CA files
mkcert -CAROOT
# You'll need:
# - rootCA.pem (CA certificate)
# - rootCA-key.pem (CA private key)
```
Configure FeatureMeshd
- Update your config.yaml to use the CA certificates:

```yaml
tls:
  certificate_chain: "/certs/rootCA.pem" # Root CA certificate
  private_key: "/certs/rootCA-key.pem" # Root CA private key
```
- Update your docker-compose.yml to mount the certificates:

```yaml
services:
  featuremeshd:
    volumes:
      # For Linux:
      - ${HOME}/.local/share/mkcert/rootCA.pem:/certs/rootCA.pem
      - ${HOME}/.local/share/mkcert/rootCA-key.pem:/certs/rootCA-key.pem
      # For macOS:
      # - ${HOME}/Library/Application Support/mkcert/rootCA.pem:/certs/rootCA.pem
      # - ${HOME}/Library/Application Support/mkcert/rootCA-key.pem:/certs/rootCA-key.pem
```
Troubleshooting
Common issues:
Certificate not trusted
- Ensure mkcert was installed correctly
- Run `mkcert -install` again
- Restart your browser
Certificate files not found
- Use `mkcert -CAROOT` to verify the location
- Check file permissions
- Ensure paths in docker-compose.yml match your OS
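A pre-flight check for the "Certificate files not found" items above, added here as an example (it is not part of FeatureMeshd or mkcert). The helper names `default_caroot` and `check_caroot` and the script file name are hypothetical, and it assumes the CA key should stay accessible to its owner only, since anyone holding `rootCA-key.pem` can issue certificates this machine trusts.

```bash
#!/bin/sh
# Added example: check the mkcert CA files before mounting them into featuremeshd.
# default_caroot and check_caroot are hypothetical helper names.

# Print the default CA directory for this OS (locations as listed in this guide).
default_caroot() {
  case "$(uname -s)" in
    Darwin) printf '%s\n' "$HOME/Library/Application Support/mkcert" ;;
    *)      printf '%s\n' "$HOME/.local/share/mkcert" ;;
  esac
}

# check_caroot DIR
# Returns 0 if both CA files are readable and the key is owner-only,
# 1 if a file is missing or unreadable, 2 if group/others can access the key.
check_caroot() {
  ca_dir=$1
  for ca_file in rootCA.pem rootCA-key.pem; do
    if [ ! -r "$ca_dir/$ca_file" ]; then
      echo "missing or unreadable: $ca_dir/$ca_file" >&2
      return 1
    fi
  done
  # Characters 5-10 of the ls mode string are the group and other bits;
  # -L follows a symlink to the real key file.
  key_bits=$(ls -ldL "$ca_dir/rootCA-key.pem" | cut -c5-10)
  if [ "$key_bits" != "------" ]; then
    echo "rootCA-key.pem is accessible beyond its owner ($key_bits)" >&2
    return 2
  fi
  return 0
}

# Usage: sh check-ca.sh --check   (file name is a placeholder)
# Prefers the directory mkcert reports, falls back to the OS default.
if [ "${1:-}" = "--check" ]; then
  dir=$(mkcert -CAROOT 2>/dev/null) || dir=$(default_caroot)
  check_caroot "$dir" && echo "CA files OK in $dir"
fi
```

A return code of 2 means the key's mode was widened after creation; if the container user then cannot read an owner-only key, that is the "Check file permissions" case in the list above.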
Firefox issues
- Install `nss` package
- Run `mkcert -install` again