Hi, On Tue, 09 Jan 2018 21:04:34 +0000 Nicholas Humfrey via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> What is the correct way for them to achieve what they are trying to > do? > > Would it be better to use a self-signed localhost certificate (same > subject and > issuer), generated individually on each machine it is installed on? I covered this in detail in the last Bulletproof TLS Newsletter: https://www.feistyduck.com/bulletproof-tls-newsletter/ Creating a local root on each host individually *with an individual private key* is kinda okay. The cleaner solution is to connect via http and the localhost IP (127.0.0.1), which should not throw mixed contentwarnings - however not all browsers support that yet. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy