bhauman 2020-06-11T18:28:20.246400Z

I’ve created a library/tool to make creation of SSL certificates and jks files to support HTTPS better

bhauman 2020-06-11T18:29:23.247100Z

The idea is to eventually get to the point that you can just enable ssl in a figwheel build and not worry about the config

bhauman 2020-06-11T18:30:16.247900Z

I’ve only tried it on my mac it would be cool to have folks give it a whirl on their own machine

bhauman 2020-06-11T18:31:38.248700Z

I also would love some commits that automate certificate trust on your favorite OS

dominicm 2020-06-11T18:34:14.248900Z

That's terrifying

dominicm 2020-06-11T18:35:05.249800Z

Please be really cautious about the security of the root CA. That could be used to pwn you.

bhauman 2020-06-11T18:41:23.251300Z

@dominicm I’m following an established pattern for dev certificate generation and its only supposed to be for localhost etc

bhauman 2020-06-11T18:42:05.252200Z

your only accepting a root cert that was generated on your machine

bhauman 2020-06-11T18:43:54.253Z

and yes it should only be used for local development 🙂

dominicm 2020-06-11T18:49:50.256300Z

2 problems: 1. I think that pattern is really dangerous, I think it's a "pragmatic solution" rather than a safe solution. People aren't talking about that. 2. The root certificate ends up installed on the developer's machine, that isn't restricted to localhost in any way, so if an attacker can get a hold of that root certificate, I can start intercepting your traffic.

bhauman 2020-06-11T19:43:45.260Z

yes restricting it certainly makes sense

dominicm 2020-06-11T19:46:23.260100Z

I don't think that's possible for root CAs.

bhauman 2020-06-11T19:47:56.260600Z

how do you go about it?

dominicm 2020-06-11T19:48:13.261Z

How do I go about what?

bhauman 2020-06-11T19:48:19.261300Z

when you need a local dev? just a self-signed cert?

dominicm 2020-06-11T19:48:37.261400Z

I don't use ssl, it doesn't provide security for localhost