Update SSL Certificate Naming Convention (Issue 876)

[steven-tomlinson]

This change addresses Issue #876 'consider renaming localhost.key to privkey.pem'

Edited README.MD
Changed test environment instructions for generating self-signed SSL certificate to explcitly create a PEM certificate.
Added tip to eliminate browser warning.

'./config.json-default' updated
Will now use privkey.pem instead of 'localhost.key' as default SSL private key name in a test environment.

Edited EXAMPLES.MD to reflect preference for new SSL naming convention.

'./config.json-default' updated
Will now use fullchain.pem instead of 'localhost.cert' as default SSL Certificate Name in a test environment.

'./Dockerfile' updated
Will now use fullchain.pem instead of 'localhost.cert' as default SSL Certificate File Name when generating Certificate Request.

'./Dockerfile' updated
Will now use privkey.pem instead of 'localhost.key' as default SSL Key File Name when generating Certificate Request.

This contribution to Solid is governed by the MIT License.

[steven-tomlinson]

I added the additional change to the Dockerfile, as suggested by @melvincarvalho in the original issue discussion ( #876 )

[melvincarvalho]

@steven-tomlinson looks good to me, given that docker will do this every time.

I think the snyk thing is failing on more than one issue. I dont get any details when clicking on it :

Unable to display this organisation

The organisation does not exist, or you do not have permissions to access it.

@kjetilk ?

[steven-tomlinson]

@melvincarvalho thanks!

I have no idea what snyk is. I followed the link and apparently created an account of some kind but have no idea what do with it.

@RubenVerborgh can you provide some guidance? If I am reading this correctly, it appears to be a check that you implemented. I just don't know where to start on identifying or resolving the problem.

[RubenVerborgh]

@steven-tomlinson I haven't implemented this check, but I can see its status. The failure is unrelated to this commit.

[RubenVerborgh]

I've made passing snyk optional.

[steven-tomlinson]

@melvincarvalho based on Ruben's comments, I think this is ready for review. Is there anything else I should do to get this completed and closed?

[kjetilk]

Am I right in assuming that this is something that would only influence new installs? In which case, we can do it in on the 4.x branch.

[RubenVerborgh]

Yes.

[kjetilk]

OK, good! I've rebased it on develop.

[melvincarvalho]

Looks great!

Can I check these 2?

$ openssl req -outform PEM -keyform PEM -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout ../privkey.pem -days 365 -out ../fullchain.pem

is the same as ?

$ openssl genrsa 2048 > ../localhost.key

$ openssl req -new -x509 -nodes -sha256 -days 3650 -key ../localhost.key -subj '/CN=*.localhost' > ../localhost.cert

And should the days be 3650 to be consistent? Actually I normally go with 36500 to give self signed certs no expiry.

[steven-tomlinson]

@melvincarvalho
this line: "$ openssl req -outform PEM -keyform PEM -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout ../privkey.pem -days 365 -out ../fullchain.pem"

will create the key and cert file in one line and put them in the directory above the directory where the command is executed.
The only differences between it and the two commands you quoted are the number of expiration days for the certificate and this one explicitly sets the output file format to 'PEM' for the certificate and key file.

Once the command is executed, the user will be prompted for the Subject (CN, OU, etc.) in order to complete creating the self-signed certificate.

[steven-tomlinson]

@kjetilk should I rebase my branch on 'develop' instead of 'master" as well before initiating a pull request?

[kjetilk]

@kjetilk should I rebase my branch on 'develop' instead of 'master" as well before initiating a pull request?

Normally, yes, but I did it for you this time! :-)

We need to reconsider which branch is our default, I think.