chocolatey-community / simple-server

The Chocolatey Simple Server - https://community.chocolatey.org/packages/chocolatey.server
Apache License 2.0

FEATURE REQUEST: allow older, less secure SSL/TLS to work with self-signed certs #30

Closed bcurran3 closed 6 years ago

bcurran3 commented 6 years ago

(from #26 closed)

I created a self-signed cert for my in-house test Chocolatey Simple Server. I tried to push a package and got the error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." Since it's a self-signed cert, of course I get not-trusted errors/warnings in Firefox (and other browsers) as well, but they can be "pushed through." Adding configurable levels of connection security, including a lower level one that doesn't care if a self-signed cert was found by choco, would be awesome. (Yeah, requires research on SSL/TLS versions and compatibility.) I'm not really sure if this is a CSS or choco enhancement request. :) End result would be for CSS to be somehow compatible with self-signed certs.

(My Exchange server has a real cert, but I'd rather keep Chocolatey Simple Server on my apps server which otherwise doesn't need a cert and I don't really want to spend money on one for my CSS "toy.")

ferventcoder commented 6 years ago

FYI - it is completely out of the control of Simple Server how you set up your certificates. If you do a self-signed cert, you should also make it a trusted cert on the machine(s) you are pushing from (and probably everywhere you want to install from as well). That's how SSL/TLS is done; there are no shortcuts to the process.

When I asked you to create an issue, it was for documenting HOW to use a self-signed certificate, not to find a way to circumvent the process. You have to establish the trust relationship, and you do that by adding the self-signed certificate to your trusted certificates on the machine you are pushing from (and probably everywhere you want to install from as well). That is how it is done in SSL cert land; it's not something that should be circumvented.

As this issue is worded now, it's not going to happen. However, it may be good to file an issue on documenting the process for others so they understand everything that needs to be done.
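The process described in the comment above, as an added example that is not part of the issue thread or of the Chocolatey project: import the server's self-signed certificate into the pushing machine's trusted root store, then confirm that normal certificate validation succeeds, so no lowering of TLS security is needed. The certificate path `C:\certs\css-selfsigned.cer` and the server name `css.example.internal` are placeholders.

```powershell
# Added example, not code from the issue or from Chocolatey Simple Server.
# Run on the machine that pushes packages (elevated, because the LocalMachine store is written).
# Assumptions: the exported public certificate (no private key) is at $certPath and the
# server's certificate subject/SAN matches the host name in $serverUrl.
#Requires -RunAsAdministrator

$certPath  = 'C:\certs\css-selfsigned.cer'     # placeholder path
$serverUrl = 'https://css.example.internal/'    # placeholder server name

# 1. Inspect the certificate before trusting it and compare the thumbprint with the
#    value the server administrator provided out of band.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
"Subject:    $($cert.Subject)"
"Thumbprint: $($cert.Thumbprint)"
"Expires:    $($cert.NotAfter)"

# 2. Add it to the Trusted Root Certification Authorities store. This changes what the
#    machine trusts; it does not weaken TLS validation or the protocol version.
Import-Certificate -FilePath $certPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 3. Verify that .NET now builds a chain to the certificate with default validation.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'  # a self-signed cert publishes no CRL/OCSP
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation }
    throw "Chain does not build; the imported certificate does not match or is not trusted."
}

# 4. End-to-end check over HTTPS without touching ServerCertificateValidationCallback.
#    A failure here with a valid chain usually means a host name mismatch in the cert.
$response = Invoke-WebRequest -Uri $serverUrl -UseBasicParsing
"HTTP $($response.StatusCode) from $serverUrl over a trusted TLS channel"
```

The same import step has to be repeated on every machine that will install from the server, as the comment notes; `choco push` and `choco install` both rely on the machine's trust store, not on a setting in Simple Server.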