Re: [Hawkular-dev] SSL by default
On 26.05.2016 16:31, Stefan Negrea wrote:
I like Jiri's idea. Why not deliver the distribution without a
certificate but add documentation and tooling (scripts or code) to
easily install a certificate from letsencrypt.org
<http://letsencrypt.org>? It's the cleanest solution since it will avoid
bundling a self-signed certificate.
I believe there was a discussion some time ago on Elytron on adding
something like this to Wildfly proper. I'll check what's the current
status on this.
The main issue I have with
self-signed certificates is that users will most likely not change it,
which is a bigger issue than using unsecured connections.
We are not shipping any certs on the proper distribution. We are adding
the self signed only for dev builds.
- Juca.