@ -394,7 +394,12 @@ Some modern techs (ServiceWorker, any `MediaDevices.getUserMedia()` request etc.
$ ws --key localhost.key --cert localhost.crt
```
You need a valid certificate, you do not need third-party verification (Verisign etc.). To create a certificate is trivial:
If you don't have a key and certificate it's trivial to create them. You do not need third-party verification (Verisign etc.) for development purposes. To get the green padlock in the browser, the certificate..
* must have a `Common Name` value matching the FQDN of the server
* must be verified by a Certificate Authority (but we can overrule this - see below)
First create a certificate:
1. Install openssl.
@ -408,10 +413,9 @@ You need a valid certificate, you do not need third-party verification (Verisign
4. Create certificate request. **Important**: you **must**put your local server's correct FQDN (typically `127.0.0.1`, `localhost`, `dev-server.local` etc.) into the `Common Name` field. The cert will only work on the domain specified here.
4. Create certificate request. The command below will ask a series of questions about the certificate owner. The most imporant answer to give is for `Common Name`, you can accept the default values for the others. **Important**: you **must**input your server's correct FQDN (`dev-server.local`, `laptop.home` etc.) into the `Common Name` field. The cert is only valid for the domain specified here. You can find out your computers host name by running the command `hostname`. For example, mine is `mba3.home`.
`$ openssl req -new -key ws.key -out ws.csr`
@ -419,13 +423,26 @@ You need a valid certificate, you do not need third-party verification (Verisign
7. Launch HTTPS server. In iTerm, control-click the first URL (with the hostname matching `Common Name`) to launch your browser.
```
$ ws --key ws.key --cert ws.crt
serving at https://127.0.0.1:8000, https://192.168.1.203:8000
serving at https://mba3.home:8010, https://127.0.0.1:8010, https://192.168.1.203:8010
```
Chrome and Firefox will still complain your certificate has not been verified by a Certificate Authority. Firefox will offer you an `Add an exception` option, allowing you to ignore the warning and manually mark the certificate as trusted. In Chrome on Mac, you can manually trust the certificate another way:
1. Open Keychain
2. Click File -> Import. Select the `.crt` file you created.
3. In the `Certificates` category, double-click the cert you imported.
4. In the `trust` section, underneath `when using this certificate`, select `Always Trust`.
Now you have a valid, trusted certificate for development.
### Stored config
Use the same options every time? Persist then to `package.json`:
@ -394,7 +394,12 @@ Some modern techs (ServiceWorker, any `MediaDevices.getUserMedia()` request etc.
$ ws --key localhost.key --cert localhost.crt
```
You need a valid certificate, you do not need third-party verification (Verisign etc.). To create a certificate is trivial:
If you don't have a key and certificate it's trivial to create them. You do not need third-party verification (Verisign etc.) for development purposes. To get the green padlock in the browser, the certificate..
* must have a `Common Name` value matching the FQDN of the server
* must be verified by a Certificate Authority (but we can overrule this - see below)
First create a certificate:
1. Install openssl.
@ -408,10 +413,9 @@ You need a valid certificate, you do not need third-party verification (Verisign
4. Create certificate request. **Important**: you **must** put your local server's correct FQDN (typically `127.0.0.1`, `localhost`, `dev-server.local` etc.) into the `Common Name` field. The cert will only work on the domain specified here.
4. Create certificate request. The command below will ask a series of questions about the certificate owner. The most imporant answer to give is for `Common Name`, you can accept the default values for the others. **Important**: you **must** input your server's correct FQDN (`dev-server.local`, `laptop.home` etc.) into the `Common Name` field. The cert is only valid for the domain specified here. You can find out your computers host name by running the command `hostname`. For example, mine is `mba3.home`.
`$ openssl req -new -key ws.key -out ws.csr`
@ -419,13 +423,26 @@ You need a valid certificate, you do not need third-party verification (Verisign
7. Launch HTTPS server. In iTerm, control-click the first URL (with the hostname matching `Common Name`) to launch your browser.
```
$ ws --key ws.key --cert ws.crt
serving at https://127.0.0.1:8000, https://192.168.1.203:8000
serving at https://mba3.home:8010, https://127.0.0.1:8010, https://192.168.1.203:8010
```
Chrome and Firefox will still complain your certificate has not been verified by a Certificate Authority. Firefox will offer you an `Add an exception` option, allowing you to ignore the warning and manually mark the certificate as trusted. In Chrome on Mac, you can manually trust the certificate another way:
1. Open Keychain
2. Click File -> Import. Select the `.crt` file you created.
3. In the `Certificates` category, double-click the cert you imported.
4. In the `trust` section, underneath `when using this certificate`, select `Always Trust`.
Now you have a valid, trusted certificate for development.
### Stored config
Use the same options every time? Persist then to `package.json`: