I’ve created a library/tool to make creation of SSL certificates and jks files to support HTTPS better
The idea is to eventually get to the point that you can just enable ssl in a figwheel build and not worry about the config
I’ve only tried it on my Mac; it would be cool to have folks give it a whirl on their own machine: https://github.com/bhauman/certifiable
I also would love some commits that automate certificate trust on your favorite OS
That's terrifying
Please be really cautious about the security of the root CA. That could be used to pwn you.
@dominicm I’m following an established pattern for dev certificate generation and it’s only supposed to be for localhost etc
you’re only accepting a root cert that was generated on your machine
and yes it should only be used for local development 🙂
2 problems: 1. I think that pattern is really dangerous, I think it's a "pragmatic solution" rather than a safe solution. People aren't talking about that. 2. The root certificate ends up installed on the developer's machine, that isn't restricted to localhost in any way, so if an attacker can get a hold of that root certificate, I can start intercepting your traffic.
yes restricting it certainly makes sense
I don't think that's possible for root CAs.
how do you go about it?
How do I go about what?
when you need a local dev? just a self-signed cert?
I don't use ssl, it doesn't provide security for localhost