Is this also true for localhost, or does localhost get special treatment? What is a good way to get https certificates for localhost other than self signed certificates?
This isn't true for localhost. But some browsers don't know whether "localhost" is really localhost, so for best compatibility write 127.0.0.1 or ::1 as appropriate
If you need to simulate HTTPS for your local host, but you actually control all the moving parts (e.g. a dev environment) you can use any private key + associated certificate for a DNS FQDN you control, then use /etc/hosts or its moral equivalent to tell your local machine that this name is on the local loop, and the key + certificate will validate.
You must not ship this as a "product" because when you do that all the end users end up with the private key, which both destroys the whole _point_ of public key cryptography AND violates the terms of whichever CA issued you with the certificate.
tialaramex|7 years ago
If you need to simulate HTTPS for your local host, but you actually control all the moving parts (e.g. a dev environment) you can use any private key + associated certificate for a DNS FQDN you control, then use /etc/hosts or its moral equivalent to tell your local machine that this name is on the local loop, and the key + certificate will validate.
You must not ship this as a "product" because when you do that all the end users end up with the private key, which both destroys the whole _point_ of public key cryptography AND violates the terms of whichever CA issued you with the certificate.
criddell|7 years ago
BrowncoatShadow|7 years ago
Still self-signed, but generates a CA that gets added to your browser. It is all pretty seamless.
steve19|7 years ago
unknown|7 years ago
[deleted]
marcosdumay|7 years ago