How to setup your own CA with OpenSSL
For educational reasons I've decided to create my own CA. Here is what I learned.
First things first
Lets get some context first.
|"binaryLiterals": false, // enable binary literals|
|"blockBindings": false, // enable let and const (aka block bindings)|
|"defaultParams": false, // enable default function parameters|
|"forOf": false, // enable for-of loops|
|"generators": false, // enable generators|
|"objectLiteralComputedProperties": false, // enable computed object literal property names|
|// nomdev.rb expects and needs to be executed from a project's root directory|
|// At the bare minimum, we need the executable paths to:|
|// a) Ruby v1.9.x interpreter; b) nomdev.rb; c) CMake v2.6.x+;|
|// d) build tools (make, clang, etc.)|
|// Default build (Command + B)|
|"cmd": [ "nomdev.rb build --threads 6; nomdev.rb install" ],|
|// We need shell access in order to execute our build|
One of the best ways to reduce complexity (read: stress) in web development is to minimize the differences between your development and production environments. After being frustrated by attempts to unify the approach to SSL on my local machine and in production, I searched for a workflow that would make the protocol invisible to me between all environments.
Most workflows make the following compromises:
Use HTTPS in production but HTTP locally. This is annoying because it makes the environments inconsistent, and the protocol choices leak up into the stack. For example, your web application needs to understand the underlying protocol when using the
secure flag for cookies. If you don't get this right, your HTTP development server won't be able to read the cookies it writes, or worse, your HTTPS production server could pass sensitive cookies over an insecure connection.
Use production SSL certificates locally. This is annoying