Developers often need a self-signed certificate to enable HTTPS access in a test environment or even a production environment. The first tool that comes to mind is the openssl suite, but its parameters are cumbersome and hard to remember.
Fortunately, someone has already built a tool for this: the mkcert command.
It is an open source tool for generating local self-signed SSL certificates. The project is written in Go, works across platforms, requires no configuration, supports multiple domain names, and gets its CA trusted automatically.
Installing on macOS:
brew install mkcert
If you want to test with the Firefox browser later, also install nss:
brew install nss
First, take a look at the help:
mkcert --help
Usage of mkcert:
$ mkcert -install
Install the local CA in the system trust store.
$ mkcert example.org
Generate "example.org.pem" and "example.org-key.pem".
$ mkcert example.com myapp.dev localhost 127.0.0.1 ::1
Generate "example.com+4.pem" and "example.com+4-key.pem".
$ mkcert "*.example.it"
Generate "_wildcard.example.it.pem" and "_wildcard.example.it-key.pem".
$ mkcert -uninstall
Uninstall the local CA (but do not delete it).
Advanced options:
-cert-file FILE, -key-file FILE, -p12-file FILE
Customize the output paths.
-client
Generate a certificate for client authentication.
-ecdsa
Generate a certificate with an ECDSA key.
-pkcs12
Generate a ".p12" PKCS #12 file, also know as a ".pfx" file,
containing certificate and key for legacy applications.
-csr CSR
Generate a certificate based on the supplied CSR. Conflicts with
all other flags and arguments except -install and -cert-file.
-CAROOT
Print the CA certificate and key storage location.
$CAROOT (environment variable)
Set the CA certificate and key storage location. (This allows
maintaining multiple local CAs in parallel.)
$TRUST_STORES (environment variable)
A comma-separated list of trust stores to install the local
root CA into. Options are: "system", "java" and "nss" (includes
Firefox). Autodetected by default.
Next steps:
1. Generate root certificate
mkcert -install
2. Issue certificate
mkcert yourdomain.com
mkcert ip
View the root certificate location:
% mkcert -CAROOT
/Users/money/Library/Application Support/mkcert
The root certificate is stored in this directory. If you test with the Firefox browser, you need to double-click the root certificate to import it so that it is trusted.
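The steps above as one script, with two checks added: that the issued certificate chains to the local CA, and that the CA private key in the CAROOT directory is readable only by its owner. This is an added example, not code from the original post or from the mkcert project; the function names, the dev.pem/dev-key.pem output names and the sample host name dev.example.test are assumptions.

```shell
#!/bin/sh
# Added example. Function names, output file names and dev.example.test are assumptions.

# Fail if the CA private key in a CAROOT directory is accessible to group/others.
# mkcert keeps rootCA.pem and rootCA-key.pem there; whoever holds the key can
# mint certificates that this machine's trust stores accept.
audit_caroot() {
    key="$1/rootCA-key.pem"
    [ -f "$key" ] || { echo "no CA key in $1" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WARN: $key is accessible beyond its owner ($perms)" >&2
        return 1
    fi
    echo "OK: $key is owner-only"
}

# Issue a certificate for the given names into OUTDIR, verify that it chains
# to the local CA, and show its names. Requires mkcert and openssl on PATH.
issue_dev_cert() {
    outdir="$1"; shift
    caroot=$(mkcert -CAROOT) || return 1
    mkdir -p "$outdir" || return 1
    mkcert -cert-file "$outdir/dev.pem" -key-file "$outdir/dev-key.pem" "$@" || return 1
    chmod 600 "$outdir/dev-key.pem"
    openssl verify -CAfile "$caroot/rootCA.pem" "$outdir/dev.pem" || return 1
    # Print the names and IP addresses the certificate is valid for.
    openssl x509 -in "$outdir/dev.pem" -noout -text | grep -A1 "Subject Alternative Name"
    audit_caroot "$caroot"
}

# Run the procedure only when called with OUTDIR and at least one name, e.g.:
#   sh issue-dev-cert.sh certs dev.example.test localhost 127.0.0.1 ::1
if [ "$#" -ge 2 ] && command -v mkcert >/dev/null 2>&1; then
    issue_dev_cert "$@"
fi
```

Run `mkcert -install` once beforehand so that browsers trust the CA; the script only issues and checks certificates.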