Document creating test certificates

docs/docs/testcerts.md

@@ -0,0 +1,48 @@
+# Test Certificates
+
+To be able to start the SaltyRTC server, you need to specify a TLS key and
+certificate. In production you will want to use a certificate signed by a
+trusted CA, but for testing purposes, the easiest way is to create a
+self-signed certificate.
+
+## Generating a Test Certificate
+
+Use the following command to create such a certificate, valid for `localhost`
+during the next 5 years:
+
+    $ openssl req \
+           -newkey rsa:1024 \
+           -x509 \
+           -nodes \
+           -keyout saltyrtc.key \
+           -new \
+           -out saltyrtc.crt \
+           -subj /CN=localhost \
+           -reqexts SAN \
+           -extensions SAN \
+           -config <(cat /etc/ssl/openssl.cnf \
+             <(printf '[SAN]\nsubjectAltName=DNS:localhost')) \
+           -sha256 \
+           -days 1825
+
+## Importing
+
+### Chrome / Chromium
+
+The best way to import this certificate into Chrome is via the command line:
+
+    $ certutil -d sql:$HOME/.pki/nssdb \
+        -A -t "P,," -n saltyrtc-test-ca \
+        -i saltyrtc.crt
+
+Then make sure to restart your browser (or simply visit `chrome://restart`).
+
+### Firefox
+
+Go to the directory `~/.mozilla/firefox` and look for a directory with a
+cryptic name containing the string `.default-`. This is your profile name. Copy
+it, then run this command (with the `<profile-name>` replaced):
+
+    $ certutil -d ~/.mozilla/firefox/<profile-name> \
+        -A -n saltyrtc-test-ca -t Ccw,, \
+        -i saltyrtc.crt

docs/mkdocs.yml

@@ -14,6 +14,7 @@ pages:
   - Guide:
     - Installing: installing.md
     - Usage: usage.md
+    - Test Certificates: testcerts.md
   - About: about.md
 theme_dir: theme_overrides
 extra_css: