From c76f3e36251f358d880a2336c67bd9f26dedb1b0 Mon Sep 17 00:00:00 2001 From: Danilo Bargen Date: Tue, 19 Sep 2017 10:08:57 +0200 Subject: [PATCH] Document creating test certificates --- docs/docs/testcerts.md | 48 ++++++++++++++++++++++++++++++++++++++++++ docs/mkdocs.yml | 1 + 2 files changed, 49 insertions(+) create mode 100644 docs/docs/testcerts.md diff --git a/docs/docs/testcerts.md b/docs/docs/testcerts.md new file mode 100644 index 0000000..cd50093 --- /dev/null +++ b/docs/docs/testcerts.md @@ -0,0 +1,48 @@ +# Test Certificates + +To be able to start the SaltyRTC server, you need to specify a TLS key and +certificate. In production you will want to use a certificate signed by a +trusted CA, but for testing purposes, the easiest way is to create a +self-signed certificate. + +## Generating a Test Certificate + +Use the following command to create such a certificate, valid for `localhost` +during the next 5 years: + + $ openssl req \ + -newkey rsa:1024 \ + -x509 \ + -nodes \ + -keyout saltyrtc.key \ + -new \ + -out saltyrtc.crt \ + -subj /CN=localhost \ + -reqexts SAN \ + -extensions SAN \ + -config <(cat /etc/ssl/openssl.cnf \ + <(printf '[SAN]\nsubjectAltName=DNS:localhost')) \ + -sha256 \ + -days 1825 + +## Importing + +### Chrome / Chromium + +The best way to import this certificate into Chrome is via the command line: + + $ certutil -d sql:$HOME/.pki/nssdb \ + -A -t "P,," -n saltyrtc-test-ca \ + -i saltyrtc.crt + +Then make sure to restart your browser (or simply visit `chrome://restart`). + +### Firefox + +Go to the directory `~/.mozilla/firefox` and look for a directory with a +cryptic name containing the string `.default-`. This is your profile name. Copy +it, then run this command (with the `` replaced): + + $ certutil -d ~/.mozilla/firefox/ \ + -A -n saltyrtc-test-ca -t Ccw,, \ + -i saltyrtc.crt diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 4a75ec2..248c8a8 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -14,6 +14,7 @@ pages: - Guide: - Installing: installing.md - Usage: usage.md + - Test Certificates: testcerts.md - About: about.md theme_dir: theme_overrides extra_css: