Only gripe is being told to match Dev with production ... And then develop on Mac OS.
The development process is much less complicated when you only consider a single OS. The answer to: "How do I do this?" is always the same; a significant time/brain savings.
For the non-OS X crowd, XCA is a really simple GUI for managing your own CA. Just about everything I have that can use an SSL certificate has one that all of my machines trust.
I wrote https://www.npmjs.com/package/crisp a while back, which simplifies a lot of this: it generates a self-signed cert and starts a web server in one move.
FYI: I know it's a pain, but before I got comfortable with unbound/dnsmasq I wrote a thing to edit your /etc/hosts file, which makes it not quite as painful to deal with.
fideloper|11 years ago
Virtual machines are a much cleaner and nicer way to do this. Setting up a wildcard SSL is similarly as simple, and you get the bonus of learning how to do it on a "real" (normal, more standard) server.
Example setting up wildcard subdomain SSL cert (self-signed): https://serversforhackers.com/ssl-certs/
jedschmidt|11 years ago
eosrei|11 years ago
daurnimator|11 years ago
Makes it easy to develop from any machine, and even allows me to check it out from other machines. Including things like browserling.
On top of that, it can record and replay requests for you as you debug.
bensummers|11 years ago
http://bens.me.uk/2013/multicast-dns-and-development-virtual...
This is especially useful as my application is multi-tenant, where you can potentially use lots of different hostnames.
I'm wary of trusting a development certificate on my development machines. One slight misconfiguration, and you've got a CA with a well-known private key which can be used to generate certificates for any name. Which would be very useful for MITMing a rather important machine.
I accept the inconvenience of having to click through the warnings, with conscious awareness of what I'm doing to avoid training myself to ignore them. I'm not entirely sure which is the bigger risk.
iancarroll|11 years ago
Besides, I don't understand why you would choose not to trust the certificate, then click it and choose to trust it...
tbyehl|11 years ago
http://xca.sourceforge.net/
geofft|11 years ago
I also wish glibc had something similar.
climaxius|11 years ago
e28eta|11 years ago
I've put Apache with a wildcard cert (& local CA) in front of it to handle SSL termination.
It's very similar to the technique from the article, but I've found the ability to serve requests on the default port to be convenient.
arthurk|11 years ago
lvturner|11 years ago
evadne|11 years ago
kevinburke|11 years ago
https://github.com/kevinburke/hostsfile
pbreit|11 years ago
philfreo|11 years ago