Psst, want to beta-test a new tool to generate locally-trusted certificates? Sign your own localhost or whatever.com certificate! Automagic installation.
Looking for CLI feedback. https://github.com/FiloSottile/mkcert …
macOS only right now
(Linux is sooo fragmented, it will take me a bit)
-
-
Nope. A wider-use sane certificate and CA CLI is something I want to build, but this is specifically for developers upset that they need HTTPS to test in browsers.
-
Yeah, I was thinking about best practices tho. Nobody should install a root CA valid for * (and with private key not heavily guarded) on a box they access Google accounts, etc. from.
-
And developers almost certainly do access valuable accounts from the boxes they test their sites with.
-
Is the ability to read a 0600 private key meaningfully different from access to the browser memory space on desktop OSes? It's important to usability for the root to work universally.
-
If you keep it on just one box, maybe not.
-
I feel like it's important for devs to learn not to rely on being able to forge arbitrary domains, but maybe in short term just getting them using https is more important.
End of conversation
New conversation -
-
-
If anyone has pointers to how to get OpenSSL to do domain restriction that would be great. Still unclear how many browsers would honour it though.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.