programatik29 / axum-server

High level server designed to be used with axum framework.
MIT License

How can I generate and setup a self-signed certificate for development? #118

Closed josecelano closed 1 month ago

josecelano commented 1 month ago

Hi, I'm trying to set up HTTPS using axum-crate in https://github.com/torrust/torrust-index/pull/584

I think I have done the same as you do in the example: https://github.com/programatik29/axum-server/blob/master/examples/from_std_listener_rustls.rs

However, I'm getting this error:

```
curl -vi https://localhost:3000/v1/about
*   Trying 127.0.0.1:3000...
* Connected to localhost (127.0.0.1) port 3000 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* OpenSSL/3.0.8: error:0A00010B:SSL routines::wrong version number
* Closing connection 0
curl: (35) OpenSSL/3.0.8: error:0A00010B:SSL routines::wrong version number
```

I have generated the certificate as described in https://letsencrypt.org/docs/certificates-for-localhost/. I've also tried using the ones in the example (in this repo).

josecelano commented 1 month ago

The certificate was OK, both the one I was generating with Let's Encrypt and the one included in this repo's examples.

The problem was I was using a custom TimeoutAcceptor:

```rust
match tls {
    Some(tls) => custom_axum::from_tcp_rustls_with_timeouts(socket, tls)
        .handle(handle)
        //.acceptor(TimeoutAcceptor) // <- commenting this line fixed the problem
        .serve(router.into_make_service_with_connect_info::<std::net::SocketAddr>())
        .await
        .expect("API server should be running"),
    None => custom_axum::from_tcp_with_timeouts(socket)
        .handle(handle)
        .acceptor(TimeoutAcceptor)
        .serve(router.into_make_service_with_connect_info::<std::net::SocketAddr>())
        .await
        .expect("API server should be running"),
};
```

I copied the TimeoutAcceptor from a @programatik29 gist:

https://gist.github.com/programatik29/36d371c657392fd7f322e7342957b6d1

I guess that code has to be fixed to support TLS. But that's a different problem.
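
The `wrong version number` error in the curl output above is what OpenSSL typically reports when the bytes it reads back do not parse as a TLS record, for instance when the listener answers in plaintext HTTP. The following Rust program is an added example, not code from this thread or from axum-server: it sends a plaintext request to a listener and classifies the first bytes of the reply, so a port that was meant to serve HTTPS but is not wrapping the socket in TLS shows up as `PlaintextHttp`. The names `Wire`, `classify` and `probe` are hypothetical, and the default address is the port from the curl command above.

```rust
use std::io::{Read, Write};
use std::net::TcpStream;
use std::time::Duration;

/// What the first bytes sent by a listener look like on the wire.
#[derive(Debug, PartialEq)]
pub enum Wire {
    /// TLS record header: content type and the two version bytes.
    Tls { content_type: u8, version: (u8, u8) },
    /// HTTP/1.x status line: the socket is not wrapped in TLS.
    PlaintextHttp,
    /// Too few bytes, or something that is neither TLS nor HTTP/1.x.
    Other,
}

/// Classify the first bytes of a reply (pure function, no I/O).
pub fn classify(buf: &[u8]) -> Wire {
    match buf {
        b if b.starts_with(b"HTTP/1.") => Wire::PlaintextHttp,
        // Record types 20..=23 (change_cipher_spec, alert, handshake,
        // application_data), major version 3, minor 0..=4, 2 length bytes.
        [ct @ 20..=23, 3, minor @ 0..=4, _, _, ..] => {
            Wire::Tls { content_type: *ct, version: (3, *minor) }
        }
        _ => Wire::Other,
    }
}

/// Send a plaintext HTTP request and classify whatever comes back.
pub fn probe(addr: &str) -> std::io::Result<Wire> {
    let mut s = TcpStream::connect(addr)?;
    s.set_read_timeout(Some(Duration::from_secs(3)))?;
    s.write_all(b"GET / HTTP/1.0\r\nHost: localhost\r\n\r\n")?;
    let mut buf = [0u8; 16];
    let mut n = 0;
    while n < 7 {
        match s.read(&mut buf[n..])? {
            0 => break,
            k => n += k,
        }
    }
    Ok(classify(&buf[..n]))
}

fn main() {
    // Assumed default: the port used in the curl command in the thread.
    let addr = std::env::args().nth(1).unwrap_or("127.0.0.1:3000".into());
    println!("{}: {:?}", addr, probe(&addr));
}
```

A `Tls` result with content type 21 (alert), an `Other` result, or an I/O error all mean no plaintext HTTP reply was seen; only `PlaintextHttp` shows that the listener is serving unencrypted HTTP on that port.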