Is there any way to have Caddy generate a self-signed certificate and store it in the normal area, ~/.caddy? This would really help as we could make the certificates persistent throughout different machines and builds. What I mean by this is that if I use Caddy inside of a Docker container, every time I restart that container a new self-signed certificate is generated, thus I have to add that new certificate to be trusted by my local browser. Instead, if we were able to persist certificates in the same way that real certs are persisted, then we would only need to trust one self-signed cert, and all members of a development team could also just trust that same cert.
Sorry for the wall of text! If there is some way I could help with this I can definitely try. Let me know what you think! :)
Map ~/.caddy to a directory on the host.
@abiosoft I tried that but wasn't getting a certificate for some reason. I tried exec'ing into the container and searching for a cert in ~/.caddy and couldn't find one.
The self-signed certs are kept in memory only; they're not written to disk.
I guess we _could_ flush them but I didn't intend for Caddy to become a certificate generation tool really; at the point of wanting to reuse a dev certificate you might as well just run openssl then bring your own cert (tls cert.pem key.pem kind of thing).
Also, you can tell Chrome to ignore cert warnings on localhost. chrome://flags/#allow-insecure-localhost :+1: I'll recommend that route for now.
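Added example (not part of the thread and not Caddy's own code): one way to follow the "run openssl then bring your own cert" suggestion above so the same certificate survives container restarts. The directory layout, the `/certs` mount path, the hostname and the 365-day lifetime are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: create a self-signed dev certificate once and reuse it.
# Assumed here (not from the thread): directory layout, hostname, 365-day lifetime.

ensure_dev_cert() {
  local dir="$1" host="${2:-localhost}"
  local cert="$dir/cert.pem" key="$dir/key.pem" conf rc=0
  mkdir -p "$dir" || return 1

  # Reuse the existing pair if the cert is still valid for at least one more day,
  # so the fingerprint the team trusted stays the same across container restarts.
  if [ -s "$cert" ] && [ -s "$key" ] &&
     openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null 2>&1; then
    return 0
  fi

  conf="$(mktemp)" || return 1
  cat > "$conf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
extendedKeyUsage = serverAuth
EOF

  # -nodes leaves the key unencrypted so the server can load it unattended;
  # umask 077 keeps the files owner-readable only.
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -config "$conf" -keyout "$key" -out "$cert" >/dev/null 2>&1 ) || rc=$?
  rm -f "$conf"
  return "$rc"
}

# SHA-256 fingerprint to compare against what was added to the trust store.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Usage: ensure_dev_cert ./certs localhost
# Then mount ./certs into the container and point the Caddyfile at it:
#   tls /certs/cert.pem /certs/key.pem
```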
@mholt Perfect! Didn't find that option in my googling haha. Thanks!! :)
Well, keeping the dev cert and making it trusted makes any browser shut up about it. And to be honest, it's easier to use Caddy to let the certs be made than to do it with openssl.