# Local Certificate Generation Standards
## Rule
All mkcert certificates MUST follow consistent naming, include the required SAN entries, and be stored in the project's `certs/` directory.
## Format
```bash
mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem \
localhost 127.0.0.1 ::1 <project>.local [additional-domains...]
```
## Requirements
1. **Always include** — `localhost`, `127.0.0.1`, and `::1` in every certificate
2. **Custom domains** — use the `.local` TLD for custom development domains
3. **File naming** — `local-cert.pem` and `local-key.pem` in the `certs/` directory
4. **gitignore** — the `certs/` directory must be listed in `.gitignore`
5. **Setup script** — provide `scripts/setup-certs.sh` for reproducible generation
6. **Documentation** — list all required domains in the README
## Examples
### Good
```bash
# Standard certificate with all required SANs
mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem \
localhost 127.0.0.1 ::1 \
myapp.local api.myapp.local
# Wildcard for multi-service setups
mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem \
localhost 127.0.0.1 ::1 \
"*.myapp.local" myapp.local
```
### Bad
```bash
# Missing localhost and IP addresses
mkcert myapp.local
# Non-standard file names
mkcert -cert-file cert.crt -key-file key.key myapp.local
# Using production-like domains
mkcert -cert-file certs/cert.pem myapp.com staging.myapp.com
```
## Project Structure
```
project/
├── certs/ # gitignored
│ ├── local-cert.pem
│ └── local-key.pem
├── scripts/
│ └── setup-certs.sh # Reproducible generation
├── .gitignore # includes certs/
└── README.md # Documents cert setup
```
## Enforcement
Include certificate generation in the project Makefile. Verify that the certificate files exist during development server startup. Document the required domains in the README.
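
One way to write the `scripts/setup-certs.sh` named in requirement 5 together with the startup check from the Enforcement section. This is an added example, not a script from the original page; the function names and the `generate`/`check` subcommands are assumptions made for illustration.

```bash
#!/bin/sh
# Illustrative scripts/setup-certs.sh (added example, not from the original page).
# Usage: scripts/setup-certs.sh generate myapp.local api.myapp.local
#        scripts/setup-certs.sh check
CERT_DIR="certs"
REQUIRED_SANS="localhost 127.0.0.1 ::1"   # added to every certificate

# Accept only .local names (wildcards allowed); reject anything else.
validate_custom_domains() {
    for name in "$@"; do
        case "$name" in
            *[!A-Za-z0-9.*-]*|.local) echo "invalid name: $name" >&2; return 1 ;;
            *.local) ;;
            *) echo "not a .local development domain: $name" >&2; return 1 ;;
        esac
    done
}

# Add certs/ to <root>/.gitignore unless an equivalent entry already exists.
ensure_gitignored() {
    gi="$1/.gitignore"
    touch "$gi"
    # Terminate an unterminated last line so the new entry is not glued onto it.
    if [ -n "$(tail -c 1 "$gi")" ]; then echo >> "$gi"; fi
    grep -qxE '/?certs/?' "$gi" || printf '%s\n' "$CERT_DIR/" >> "$gi"
}

# Startup check: both files must exist and be non-empty.
check_certs() {
    for f in local-cert.pem local-key.pem; do
        [ -s "$1/$CERT_DIR/$f" ] || { echo "missing $CERT_DIR/$f" >&2; return 1; }
    done
}

generate() {   # $1 = project root, remaining args = custom .local domains
    root="$1"; shift
    validate_custom_domains "$@" || return 1
    command -v mkcert >/dev/null 2>&1 || { echo "mkcert is not installed" >&2; return 1; }
    mkdir -p "$root/$CERT_DIR"
    ensure_gitignored "$root"
    # REQUIRED_SANS is deliberately unquoted so it expands to three arguments.
    mkcert -cert-file "$root/$CERT_DIR/local-cert.pem" \
           -key-file "$root/$CERT_DIR/local-key.pem" $REQUIRED_SANS "$@"
}

# Nothing runs unless a subcommand is given.
case "${1:-}" in
    generate) shift; generate "$(cd "$(dirname "$0")/.." && pwd)" "$@" ;;
    check)    check_certs "$(cd "$(dirname "$0")/.." && pwd)" ;;
esac
```

A Makefile target can call `scripts/setup-certs.sh generate <domains>`, and the development server's start command can run `scripts/setup-certs.sh check` first so a missing certificate fails fast.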