re: [discontinued] Run a green-badge local HTTPS server with zero configuration VIEW POST

FULL DISCUSSION
 

This is absolutely horrible advice. You are literally saying 'it's ok to trust someone because they say they are trustworthy'. That is the worst security advice there is.

You can create your own self signed certificate very easily that allows you to test your web code. digitalocean.com/community/tutoria... should work for most linux distributions.

Beyond that, you could also do much better by using LetsEncrypt to generate a test and a production certificate, both of which would be good for 90 days, and simply re-renew them through the acme framework or other similar tools.

 

This is absolutely horrible advice. You are literally saying 'it's ok to trust someone because they say they are trustworthy'. That is the worst security advice there is.

Where am I saying this?

I am afraid you totally misunderstood the point of this post. This has nothing to do with trust at all. It is not meant to be secure nor trusted.

It strictly works for localhost, and merely to satisfy Chrome while testing if your asset URLs are all https, all your cookies are secure etc.

This CANNOT be used in production, because as mentioned in the article, the domain points to 127.0.0.1. And even if I change the domain to another IP address, visiting it would be simply like visiting any URL on the vast web.

The link you cite has nothing to do with this post.

code of conduct - report abuse