Private key available in repo

Question

Private key available in repo

Closed this issue 6 years ago · 3 comments

I doubt you meant to commit your certs to the repo, but they should be removed (and probably invalidate/revoke them).

Answer 1 · 2018-03-26T07:35:36.000Z

Hi belak! The fact is that jackal enfoces the use of a TLS/SSL connection, and that cert is nothing more than a localhost domain self signed certificate with no expiration date. The idea is to allow anyone to try the server without having to deal with any cert issues. I'm also considering to implement auto TLS vía Let's Encrypt in the future. :)

Answer 2 · 2018-03-26T08:06:03.000Z

Sounds good. Thanks for clarifying!

Answer 3 · 2018-03-26T08:51:12.000Z

In order to avoid confusions, I've updated the README.md file explaining how to generate a default self-signed certificate. Also updated the Dockerfile. ;)