Use tls-keygen for self-signing certs #412
Comments
|
Would this help with electron + bankai issues? ref: #233, create-choo-electron#8 |
|
It'll only work for macOS and for Linux. And only for Linux if the environment relies on NSS for certificate authority. Also, Firefox doesn't care about the default keychain on macOS -- https://bugzilla.mozilla.org/show_bug.cgi?id=963354 |
|
@jsumners oh no! - perhaps we should keep the default system as a fallback then. A hybrid perhaps? Also pinging @sebdeckers; any thoughts on ^? |
|
What @jsumners said is correct. Would love to add support for more platforms & browsers. It looks like on Windows it should be possible to support Firefox (and presumably the other browsers too). I am not familiar with the situation on Linux. Which systems are used besides NSS? |
|
@sebdeckers that's an unanswerable question. It can be handled so many different ways that it'd be impossible to support without picking a specific distribution, or set of distributions. And then, you'd have to limit it to designated releases. Case and point: my day job is a Linux system administrator. I had no clue NSS could be an authority on certificates. |
|
Looks like tls-keygen had an update https://www.npmjs.com/package/tls-keygen @sebdeckers how do you feel about it? Is it good enough to integrate? |
|
@yoshuawuyts Despite my Twitter-hype there is still some critical work to be done, namely the Linux support. I need to compile a list of target distros and then try them out with various browsers. My knowledge is limited, so just going by what the internet tells me.
(Seriously? 23 browsers? 🤨)
IIRC you had a really interesting setup on your machine. Any way I can approximate that? |
https://www.npmjs.com/package/tls-keygen adds a key to the OS keychain rather than the browser; this would allow us to eliminate a lot of the friction in our current implementation.
The text was updated successfully, but these errors were encountered: