-1 I agree, application servers, such as WildFly provide similar solutions. By default WildFly will generate a self-signed certificate for the https/h2 listener.
Emond On dinsdag 16 januari 2018 05:10:32 CET Maxim Solodovnik wrote: > -1 > > I believe it's good to have HTTPS configuration ready for the tests. > It is impossible to provide non-self-signed, so IMO security warning > is OK here > > On Mon, Jan 15, 2018 at 3:42 AM, Martin Grigorov <[email protected]> wrote: > > -1 > > > > The current setup makes it easier to debug HTTPS related issues. > > I, personally, do not want to deal with openssl, keytool and > > jetty-https.xml just to debug an issue in HttpsMapper or related code. > > > > A user can use http://localhost if (s)he doesn't want to accept self > > signed > > certs. > > > > My 2c. > > > > On Sun, Jan 14, 2018 at 8:16 PM, Martijn Dashorst < > > > > [email protected]> wrote: > >> The quick start uses a self signed certificate that gives errors in > >> browsers and requires folks to accept the certificate in their trust > >> chain. > >> > >> I suggest we remove the secure layer part from our quickstart just to > >> make sure we don't train our users to accept any certificate. WDYT? > >> > >> Martijn
