I'm working on an addon which includes an iframe served over https. https is needed for WebChannel (chrome to content) communication to work. It's also going to be needed to find and avoid mixed-content warnings as we pull various bits of remote content into that frame.
Setting this all up is medium-unpleasant, as ops tasks go. I want to remember how I did it, so here are some quick notes:
Assuming you're using the built-in Apache2 install on OS X Yosemite, follow these guides:
- http://brianflove.com/2014/12/01/self-signed-ssl-certificate-on-mac-yosemite/
- http://brianflove.com/2014/12/02/enable-https-in-apache-on-mac-yosemite/
- I also used this nice compact example to firm up my SSL VirtualHost: http://stackoverflow.com/questions/19844235/virtual-host-with-ssl-support-on-os-x-mavericks
You can't just click to accept self-signed certs in iframes in FF; the idea is to prevent clickjacking. (See https://bugzil.la/792479 for more.) To work around this, make yourself a certificate authority in your Firefox addon profile:
- Open up FF
- Go to Preferences > Advanced > View Certificates > 'Authorities' tab > Import file...
- In the Finder window, command-shift-g lets you specify the path to the cert, probably something like /private/etc/apache2/ssl/localhost.crt.
- After restarting FF, you'll get a working iframe, not an iframe that shows an Untrusted Connection error.
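
Before importing a file under 'Authorities', it is worth confirming that it really is the self-signed cert for your local server and that it pairs with the key Apache uses. The script below is an added example, not part of the original notes: the function names are illustrative, and the demo runs against a throwaway cert it constructs itself.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a self-signed dev cert before importing it
# as an authority. Function names are illustrative, not from the post.

# Build a throwaway key + self-signed cert for localhost (constructed sample).
make_sample_cert() (   # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=localhost" \
    -keyout "$1/localhost.key" -out "$1/localhost.crt" 2>/dev/null
)

# SHA-256 fingerprint, for comparison with Firefox's certificate viewer.
cert_fingerprint() (
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
)

# Self-signed: subject equals issuer, and the cert verifies against itself
# (this also fails if the cert has expired).
cert_is_self_signed() (
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  [ -n "$subj" ] && [ "$subj" = "$iss" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
)

# The cert must carry the public half of the key Apache is configured with.
key_matches_cert() (   # $1 = private key, $2 = cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
)

# Demo run on the constructed cert.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir"
if cert_is_self_signed "$demo_dir/localhost.crt" &&
   key_matches_cert "$demo_dir/localhost.key" "$demo_dir/localhost.crt"; then
  echo "OK to import, fingerprint: $(cert_fingerprint "$demo_dir/localhost.crt")"
fi
rm -rf "$demo_dir"
```

For the real setup, call the same functions on /private/etc/apache2/ssl/localhost.crt and on the key file your SSL VirtualHost points at, then compare the printed fingerprint with the one Firefox shows for the imported authority.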