Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
certificate trust API for Windows #9242
This is the second half of #9099 - adding the certificate trust API for Windows.
I've configured a local IIS instance with a self-signed certificate to trigger this failure over HTTPS. Edge and IE don't like it, and spit this error out at the user:
I can write up the way to setup this environment locally if others want to test this flow out themselves. The sample app I've been using can be found here: shiftkey/electron-test-network-windows
The magic in
However, interacting with the trusted root certificate store will trigger this dialog when you invoke
It's certainly not as pretty (or as functional) as the macOS equivalent, but that might be okay for now. As a result I'm also not using the
I'm currently at the point where the test app has the right IPC setup to trigger the certificate error, but I'm missing something with the "swap in a debug version" process and the
Here's my flow for testing this PR (I've probably missed something):
I can then run the test harness, attach to the
UPDATE: there's something up with how
referenced this pull request
Apr 21, 2017
@kevinsawicki I think the only issue I have at this stage is with the debugging experience:
Is there anything I need to be aware of when generating
I found myself off spending way too much time thinking about certificate chains and trust which we didn't really need to do here (only handle self-signed certs).
I'm going to throw some more testing at it in a live app to ensure I haven't missed anything but I think this is ready for a first round of reviewing.
So I tried testing this using https://badssl.com via
Got it, thanks.
I have an Electron app that spins up local Express servers and generates self-signed certs on the fly. Handling trust chain support for the OS wasn't too taxing, but Firefox support was pretty gnarly... I was hoping for a cleaner approach :-) I may still use this for working with OS trust chains though.
Great work on all of this.