[Interest] wss:// on localhost
Thiago Macieira
thiago.macieira at intel.com
Tue Jul 21 21:15:29 CEST 2020
On Tuesday, 21 July 2020 10:32:13 PDT Alexander CarĂ´t wrote:
> Hej Thiago,
>
> > Whether they work or not is irrelevant, since you shouldn't be shipping
> > the
> > same certificate to all users. You'd have to make it extremely long-lived
> > (expiry 20 years from now). Generating a short-lived one (3 months) limits
> > the damage if it somehow gets misused.
>
> just to avoid misunderstandings: The goal is not sending existing
> certificates as part of the application download but rather generate the
> certificte automatically upon launching the app ?
Yes. And do it again every couple of months, if the certificate has expired or
will expire within the lifetime of your process.
> Is this somehow the right track or am I completely mistaken ? Sorry again -
> completely new in the domain of security ;-)
That would be fine. The problem is guaranteeing the existence of the openssl
command. It would be up to you to do that.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel DPG Cloud Engineering
More information about the Interest
mailing list