Open amplifi opened 7 years ago
pranjaltale16
commented
7 years ago @amplifi Instead of using a self-signed certificate, I would suggest using a free open-source Certificate Signing authority like Let's Encrypt. Because using a self-signed certificate would require users to add it to the list of confirmed security exceptions, which on the first view creates an impact of insecure website. If you want to, I can explain the process.
seav
commented
7 years ago @pranjaltale16, since the certificate is only going to be added to the development VM and not a public-facing website, using a self-signed certificate is actually the correct approach. Besides, we access the development VM using the localhost hostname or an IP address so a Let's Encrypt certificate will not work because there is no registered domain name that the Let's Encrypt certificate can validate.
amplifi
commented
7 years ago @pranjaltale16 This issue is for adding SSL to the development VM, which is run locally by Cadasta developers. In the VM, platform is run under localhost which is unsupported by Let's Encrypt and other CAs. There is more complexity to this issue. I recommend you look for issues marked "First Contributor Friendly."
pranjaltale16
commented
7 years ago @amplifi @seav, Sure I will look for First Contributor Friendly issues.
Add self-signed SSL config to the development VM, then move the cookie settings from #1273 to the default file.