Use tls-keygen for self-signing certs

Open yoshuawuyts opened this issue 7 years ago • 7 comments

https://www.npmjs.com/package/tls-keygen adds a key to the OS keychain rather than the browser; this would allow us to eliminate a lot of the friction in our current implementation.

yoshuawuyts avatar Feb 06 '18 20:02 yoshuawuyts

Would this help with electron + bankai issues?

ref: #233, create-choo-electron#8

YerkoPalma avatar Feb 06 '18 20:02 YerkoPalma

It'll only work for macOS and for Linux. And only for Linux if the environment relies on NSS for certificate authority.

Also, Firefox doesn't care about the default keychain on macOS -- https://bugzilla.mozilla.org/show_bug.cgi?id=963354

jsumners avatar Feb 06 '18 22:02 jsumners

@jsumners oh no! - perhaps we should keep the default system as a fallback then. A hybrid perhaps?

Also pinging @sebdeckers; any thoughts on ^?

yoshuawuyts avatar Feb 07 '18 10:02 yoshuawuyts

What @jsumners said is correct. Would love to add support for more platforms & browsers.

It looks like on Windows it should be possible to support Firefox (and presumably the other browsers too). https://serverfault.com/questions/722563/how-to-make-firefox-trust-system-ca-certificates

I am not familiar with the situation on Linux. Which systems are used besides NSS?

sebdeckers avatar Feb 07 '18 11:02 sebdeckers

@sebdeckers that's an unanswerable question. It can be handled so many different ways that it'd be impossible to support without picking a specific distribution, or set of distributions. And then, you'd have to limit it to designated releases.

Case in point: my day job is a Linux system administrator. I had no clue NSS could be an authority on certificates.

jsumners avatar Feb 07 '18 13:02 jsumners

Looks like tls-keygen had an update https://www.npmjs.com/package/tls-keygen

@sebdeckers how do you feel about it? Is it good enough to integrate?

yoshuawuyts avatar Feb 13 '18 09:02 yoshuawuyts

@yoshuawuyts Despite my Twitter-hype there is still some critical work to be done, namely the Linux support.

I need to compile a list of target distros and then try them out with various browsers. My knowledge is limited, so just going by what the internet tells me.

Top 10 Linux Distros For Desktop – 2018 Edition https://www.techworm.net/2018/01/top-10-linux-distros-desktop-2018-edition.html

  • Ubuntu
  • Manjaro
  • Mint
  • Debian
  • openSUSE
  • Arch
  • Slackware
  • Gentoo
  • ...

23 Best web browsers for Linux as of 2018 https://www.slant.co/topics/4281/~web-browsers-for-linux

(Seriously? 23 browsers? 🤨)

  • Firefox
  • Chromium
  • Brave
  • Chrome
  • Opera
  • Vivaldi
  • Epiphany
  • Rekonq
  • Konqueror
  • Min
  • Midori
  • ...

IIRC you had a really interesting setup on your machine. Any way I can approximate that?

sebdeckers avatar Feb 13 '18 12:02 sebdeckers