Create a development certificate authority
| Module: | Office-IT | Keywords: | infrastructure security ssl development |
| Cc: | kzar, AAlvz, poz2k4444, trev, fhd | Blocked By: | #3638 |
When working with the infrastructure repository, especially when accessing a box via HTTPS, one currently needs to manually create exceptions for the self-signed certificates in modules/private-stub. This is not only annoying and, over time, a bit time-consuming; it also requires test code to be specifically aligned. The latter especially is worth avoiding, in order to ensure that tested and productive code (and thus behavior) are as similar as possible.
Fortunately, improvement is quite simple here: we can establish our own local CA for development and testing purposes. Subsequently, we can replace the current certificates in the private-stub module with new ones signed by that instance. Developers and testers would then just need to register the CA in their own system, so that these certs would be accepted just as if they were official ones.
There's just one caveat to consider: The CA's private bits themselves should be maintained by a trusted body. Otherwise we could be "compromised from the inside".
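A sketch of the workflow described above, using the openssl command line (an added example, not code from the infrastructure repository). The `.test` domain, the host name `box.test`, the file layout and the lifetimes are assumptions; the name constraint goes beyond the ticket text and limits what a leaked CA key could sign for.

```shell
#!/bin/sh
# Added example: host names, file names and lifetimes below are assumptions.
set -eu

# Create the development CA in directory $1. ca.key is the "private bits"
# that must stay with a trusted party; only ca.crt is handed to developers.
make_dev_ca() {
    dir=$1
    mkdir -p "$dir"
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'x509_extensions = v3_ca' \
        '[dn]' 'CN = Development CA (constructed example)' \
        '[v3_ca]' 'basicConstraints = critical, CA:TRUE, pathlen:0' \
        'keyUsage = critical, keyCertSign, cRLSign' \
        'nameConstraints = critical, permitted;DNS:.test' > "$dir/ca.cnf"
    ( umask 077; openssl genrsa -out "$dir/ca.key" 3072 2>/dev/null )
    openssl req -x509 -new -config "$dir/ca.cnf" -key "$dir/ca.key" \
        -sha256 -days 365 -out "$dir/ca.crt"
}

# Issue a server certificate for host $2, signed by the CA in directory $1.
issue_cert() {
    dir=$1; host=$2
    ( umask 077; openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null )
    openssl req -new -config "$dir/ca.cnf" -key "$dir/$host.key" \
        -subj "/CN=$host" -out "$dir/$host.csr"
    printf '%s\n' 'basicConstraints = critical, CA:FALSE' \
        'extendedKeyUsage = serverAuth' \
        "subjectAltName = DNS:$host" > "$dir/$host.ext"
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 90 \
        -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null
}

# Exit status 0 only if $2's certificate chains to the CA in $1 and stays
# inside the CA's name constraints.
verify_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}
```

Only `ca.crt` is what developers and testers would register in their system trust store; `ca.key` stays with whoever maintains the CA.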
Change History (14)
comment:11 Changed 2 years ago by matze
- Component changed from Unknown to Office-IT
- Owner changed from matze to fred, matze
- Priority changed from Unknown to P2
- Ready set