After I couldn't get a simple Google example to work ("How to generate a self-signed SSL certificate"), I was searching on the rustls repo and found this issue about self-signed certs, which made it sound like it wasn't straightforward. Looking into the mentioned test-ca directory wasn't helping either. I might have also accidentally been hit by this issue.
Try mkcert (https://github.com/FiloSottile/mkcert). It’s super easy to set up and use.
rustls definitely does support self-signed certificates, but it makes it somewhat harder to use to prevent users from shooting themselves in the foot trusting certificates that should not be trusted. I've used the rcgen crate in the past to work with self-signed certificates; some example code is here: https://github.com/djc/sign-cert-remote/blob/main/src/main.rs.
Yes, rustls currently doesn't support certificates without hostnames (only an IP); this is actually an issue with the webpki crate, and work to solve it is ongoing (will hopefully land in a release in a few months or so).
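An added example, not part of the comments above: a shell sketch that generates a self-signed development certificate with the OpenSSL CLI and checks whether it carries a DNS name in its subjectAltName, which is the IP-only condition the previous comment describes. The function names, the `dev-cert` subject and the 30-day lifetime are assumptions chosen for illustration; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; helper names and values are illustrative assumptions.

# make_dev_cert DIR SAN_LIST
# Writes DIR/key.pem and DIR/cert.pem: a self-signed P-256 certificate,
# valid for 30 days, whose subjectAltName is SAN_LIST
# (for example "DNS:localhost,IP:127.0.0.1").
make_dev_cert() {
    dir=$1
    san=$2
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
        -nodes -days 30 -subj "/CN=dev-cert" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -addext "subjectAltName=$san" 2>/dev/null
    # The private key is unencrypted (-nodes), so keep it owner-readable only.
    chmod 600 "$dir/key.pem"
}

# has_dns_san CERT
# Succeeds only if the certificate lists at least one DNS name in its
# subjectAltName extension. A certificate with only IP entries fails here.
has_dns_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | grep -q 'DNS:'
}

# Usage (constructed values):
#   d=$(mktemp -d)
#   make_dev_cert "$d" "DNS:localhost,IP:127.0.0.1"
#   has_dns_san "$d/cert.pem" && echo "certificate names a host"
```

Running `has_dns_san` on a certificate before handing it to a server catches the IP-only case at generation time rather than as a handshake failure.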
I haven't added TLS to my Rust HTTP creation yet, but it's intended to be a miniserve-like self-contained portable app that you can run off a thumbdrive on any computer just by double-clicking it.