4.3.2 SSL #7

Open
p-b-west opened this issue Feb 23, 2018 · 2 comments
@p-b-west
Contributor

I find this section ambiguous.

Is this the necessary sequence?

  • Generate a self-signed root certificate for localhost, ensuring that the cert contains a Subject Alternative Name.

  • If the generated certificate is not in pem format, use openssl to convert to pem.

  • Use keytool to create a Java Keystore containing the self-signed certificate.

  • Add :ssl configuration to shadow-cljs.edn, either relying on the default values or specifying actual values.

@thheller
Contributor

thheller commented Feb 23, 2018

Yeah that section is rough.

You need a trusted certificate for whichever host you are going to be using. Generating the cert could probably be automated. Getting the OS to trust it is the tricky part. I only got it working on macOS, which doesn't help me anymore since I'm now on Windows. Didn't figure out how to do it here yet.

keytool itself couldn't import the .p12 files generated by the macOS tool directly so I had to convert it first. This might not be required at all for other platforms. keytool can also generate certs but I didn't figure out how to get macOS to trust those.

I don't know why generating certs for testing is still so damn complicated.

I also switched to using undertow recently which I think is able to use pem files directly but I didn't test that enough yet.

@p-b-west
Contributor Author

> keytool itself couldn't import the .p12 files generated by the macOS tool directly so I had to convert it first.

I just got that to work. I had to have a password on the .p12 certificate, and I used the same password for the keystore.jks file, but it created the keystore without complaining.
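
The sequence discussed in this thread, sketched as an added example that is not part of the issue or of the shadow-cljs documentation. The file names, the `CN`, the password and the `:ssl` values in the final comment are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: dev-only keystore for localhost. All names are assumptions.

# 1. Self-signed certificate with a Subject Alternative Name.
#    -addext needs OpenSSL 1.1.1 or newer.
make_cert() {  # make_cert <dir>
  openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
    -subj "/CN=localhost" \
    -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
    -keyout "$1/localhost.key" -out "$1/localhost.pem" 2>/dev/null
}

# Check before going further: current browsers match the host name against
# the SAN entries, not the CN, so a cert without the SAN is rejected.
cert_has_san() {  # cert_has_san <pem-file> <dns-name>
  openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# 2. Bundle key and certificate as PKCS#12 with a non-empty password
#    (the thread reports keytool accepting a password-protected .p12).
make_p12() {  # make_p12 <dir> <password>
  openssl pkcs12 -export -name localhost \
    -inkey "$1/localhost.key" -in "$1/localhost.pem" \
    -out "$1/localhost.p12" -passout "pass:$2"
}

# 3. Import the .p12 into a Java keystore, same password on both sides.
#    Passwords on the command line are visible to other local users;
#    acceptable only for a throwaway development key.
make_jks() {  # make_jks <dir> <password>
  keytool -importkeystore -noprompt \
    -srckeystore "$1/localhost.p12" -srcstoretype PKCS12 -srcstorepass "$2" \
    -destkeystore "$1/keystore.jks" -deststoretype JKS -deststorepass "$2"
}

# Run every step when invoked as: bash make-keystore.sh run
if [ "${1:-}" = "run" ]; then
  mkdir -p ssl && make_cert ssl && cert_has_san ssl/localhost.pem localhost \
    && make_p12 ssl shadow-cljs && make_jks ssl shadow-cljs
fi

# 4. shadow-cljs.edn (assumed values, verify against the user guide):
#    :ssl {:keystore "ssl/keystore.jks" :password "shadow-cljs"}
```

This only produces the keystore; getting the OS or browser to trust the certificate, which the thread identifies as the tricky part, is a separate platform-specific step. Keep `localhost.key` and the keystore out of version control.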
