0
I am wanting to use the browser-based notebook interface of Sage, a computer algebra system. Before I can do this I need to ensure that neither remote nor local privilege escalation is possible. To ensure this, I am using a strong password (256 bits from /dev/random) and a combination of HSTS and certificate pinning.
Specifically, I would like to know how to force Firefox and Chrome to accept connections to a certain port on localhost if and only if the connection is HTTPS and the server has a certain certificate (stored in my home directory).
Edit: This is on my personal system. The certificate that will be used is one I created locally.
Demi
Posted 2015-10-19T05:12:31.740
Reputation: 718
Chrome uses the operating system's certificate store. Firefox uses its own certificate store. Add the certificate to the operating system's certificate store and Firefox's certificate store and you will be able to accomplish what you desire. – Ramhound – 2015-10-19T10:54:55.037
No -- I want only one certificate to be valid for this particular address. I want all other certificates, as well as insecure HTTP connections, to be rejected. – Demi – 2015-10-20T06:09:12.307
If you want that then you need to go to a CA and purchase a certificate for the specific domain in question or I suppose self-sign your own certificate but there are dangers in doing that. – Ramhound – 2015-10-20T10:55:35.173
There is no danger here with a self-signed certificate. The "self" is me -- I trust the cert because I created it. – Demi – 2015-10-22T04:10:35.860