Listen on HTTPS with minica issued leaf cert #63

Closed
cpu opened this issue Dec 5, 2017 · 0 comments

cpu commented Dec 5, 2017

Pebble should include a miniCA generated CA certificate in the repo. We should also include a leaf certificate issued from the CA for 127.0.0.1.

Users requiring trusted TLS for their test code (don't do this for anything else!) can import the CA certificate into their client trust store. Users with more complicated needs (e.g. a different subject SAN in the leaf certificate) should replace the CA & leaf cert in the repo with their own.

cpu added the enhancement label Dec 5, 2017
cpu self-assigned this Dec 5, 2017
jsha closed this as completed in #65 Dec 6, 2017
jsha pushed a commit that referenced this issue Dec 6, 2017
This commit adds a root certificate & an issued end-entity certificate
(plus accompanying private keys) for the Pebble API. By default the EE
cert has SANs for `127.0.0.1`, `pebble`, and `localhost`. READMEs are
added to explain the cert generation & **DANGER** around adding the CA
to a prod trust store. Pebble's default config is updated to use the EE
cert & the `pebble` command now invokes `http.ListenAndServeTLS`.

This will make Pebble a better test server since the ACME specification [says](https://tools.ietf.org/html/draft-ietf-acme-acme-08#section-6.1):
> Use of HTTPS is REQUIRED.

Resolves #63
This issue was closed.
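
The client-side setup described in this issue, as an added Go example that is not part of the issue or of Pebble's code: test code trusts the test CA through a dedicated `x509.CertPool` on its own `http.Client`, and a client using the default trust store still rejects the server. The CA and leaf are generated in memory as constructed stand-ins for the minica files (the leaf SANs are taken from the commit message), and the helper names `issue` and `probe` are hypothetical.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)
// issue signs tmpl (constructed, valid one hour) with a fresh key; a nil parent makes it a self-signed CA.
func issue(tmpl, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl.SerialNumber, tmpl.NotBefore, tmpl.NotAfter = big.NewInt(time.Now().UnixNano()), time.Now(), time.Now().Add(time.Hour)
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// probe serves HTTPS with a test-CA leaf and returns the result of a client trusting only that CA and of a default client.
func probe() (scoped, system error) {
	ca, caKey := issue(&x509.Certificate{Subject: pkix.Name{CommonName: "constructed test CA"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	leaf, leafKey := issue(&x509.Certificate{DNSNames: []string{"pebble", "localhost"}, IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}, ca, caKey)
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}}}
	srv.StartTLS() // listens on 127.0.0.1, which the leaf's IP SAN covers
	defer srv.Close()
	pool := x509.NewCertPool() // holds the test CA only, no system roots
	pool.AddCert(ca)
	get := func(roots *x509.CertPool) error {
		c := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}}}
		resp, err := c.Get(srv.URL)
		if err == nil {
			resp.Body.Close()
		}
		return err // nil roots means the platform's default trust store
	}
	return get(pool), get(nil)
}
func main() { fmt.Println(probe()) }
```

Scoping the CA to one client's `RootCAs` keeps it out of the machine-wide trust store, so nothing outside the test process ever accepts certificates it signs.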