Use ~/.minica/ by default #4

Open
powerman opened this issue Apr 9, 2018 · 7 comments
@powerman

powerman commented Apr 9, 2018

I suppose the main use case for minica is to enable developing projects on a local workstation. This means we'll have just one CA key imported into all local browsers, and per-project certificates. Not sure about the best default place to store per-project certificates (it may make sense to keep them in the project's dir), but the CA key by default should always be the same. Needing to cd into some specific directory before running minica is very inconvenient; please make it use ~/.minica/ for the CA key by default and add an option to change this directory, so minica -ca-dir . can be used to emulate the current behaviour.

As for site certificates, I suppose it makes sense to do the same: use ~/.minica/site/ by default and add an option -out-dir and/or two options -out-cert and -out-key to make it easier to control where the project certificate will be stored.

@tedb

tedb commented Jul 4, 2018

Hi there @powerman, I just learned about this project and was curious about what issues are open. Just a thought, as a workaround for this you could invoke it in a Bash subshell (the parens) that first changes to that directory:

$ (cd ~/.minica && minica example.com)

@logicalphase

logicalphase commented Aug 3, 2018

I left the minica generated files in a folder outside my project and created symlinks to the project files from the root of my project. I use Git so I added the file names to .gitignore.

@jsha
Owner

jsha commented Sep 5, 2018

I've been thinking about this issue. I think of minica as having two purposes:

  1. Certificates for local development
  2. Certificates for RPCs, or test harnesses, or general internal-only services that don't need an external CA.

I think (1) is probably now satisfied better by https://github.com/FiloSottile/mkcert (though I haven't tried it myself). The advantage of mkcert is that it knows how to add its root to local trust stores automatically.

For (2), I think it makes more sense to write in the current directory, rather than always to a dotfile directory in the user's home. The reason is that each project or use case should probably have its own CA. If we default to putting things in people's homedir, I think that encourages reusing the same CA across multiple projects, which increases the risk of mistakes.

What do you think?
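
A wrapper that combines the subshell workaround and the one-CA-per-project approach from the comments above, as an added example that is not part of the original thread or of minica itself. The function name `minica_project` and the `MINICA_CA_ROOT` and `MINICA_BIN` variables are assumptions of this example, not options that minica reads:

```shell
# Added example: run minica inside a private, per-project CA directory.
# MINICA_CA_ROOT (default ~/.minica) and MINICA_BIN (default "minica") are
# hypothetical variables of this wrapper, not minica options.
#
# The function body is a subshell, so the cd, the umask and the variables
# below never leak into the calling shell.
minica_project() (
    if [ "$#" -lt 2 ]; then
        echo "usage: minica_project <project> <minica args...>" >&2
        exit 2
    fi
    project=$1
    shift

    # Accept only plain names so a project can never escape the CA root
    # (no path separators, no "." or "..", nothing that looks like an option).
    case $project in
        ''|.|..|*/*|-*)
            echo "minica_project: invalid project name: $project" >&2
            exit 2
            ;;
    esac

    ca_dir="${MINICA_CA_ROOT:-$HOME/.minica}/$project"

    # Anything created from here on is readable by the owner only.
    umask 077
    mkdir -p "$ca_dir" && chmod 700 "$ca_dir" && cd "$ca_dir" || exit 1

    # minica writes into the current directory, so each project directory
    # ends up with its own CA key and its own issued certificates.
    "${MINICA_BIN:-minica}" "$@"
)
```

The arguments after the project name are passed to minica unchanged, for example `minica_project shop example.com` for the invocation style used in this thread.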

@adamdecaf

@powerman I'll echo Jacob and say mkcert is probably a better fit for you. The auto install into chrome/firefox is super nice.

@powerman
Author

powerman commented Sep 5, 2018

Well, for now I've switched back to using EasyRSA and wrote How to securely test local/staging HTTPS project. I don't really think auto install is a critical feature because it has to be done just once by each developer, but, sure, it's nice to have.

@tox2ik

tox2ik commented Oct 22, 2018

The current behavior is simple and predictable. Ask any average Windows dev what a dot folder is. They'll go "huh?". Besides - a cert is not a config file, which is what dot files are for.

@sdavids

sdavids commented Oct 30, 2023

related #65
