When running docker compose on Mac, everything works like in the tutorials. How can I do away with the insecure connection (invalid certificate)?
Instead of “self signed” certificates, you will need “proper” certificates, or add the self-signed certificate to your browser's trusted store.
and:
More reading:
Answer from ChatGPT on “Is self-signed certificate secure?”
GOOD ANSWER.
[ChatGPT]
A self-signed certificate is a type of digital certificate that is signed by its own creator rather than a trusted third-party Certificate Authority (CA). While self-signed certificates can provide encryption for data transmission (using HTTPS) and help establish a secure connection between a client and a server, they come with certain security considerations:
- Lack of Trust: The main issue with self-signed certificates is that they are not backed by a trusted CA. When a user’s browser encounters a self-signed certificate, it will typically display a warning message, indicating that the certificate is not trusted. This warning can lead to a poor user experience and might make users more susceptible to phishing attacks if they become accustomed to bypassing these warnings.
- Man-in-the-Middle Attacks: Because there is no external authority vouching for the authenticity of the certificate, a man-in-the-middle attacker could potentially intercept the connection and present their own self-signed certificate to both the client and the server. Without a trusted third-party verifying the certificate, there’s a higher risk of falling victim to such attacks.
- No Revocation Checking: Self-signed certificates don’t have the ability to be revoked. If the private key associated with a self-signed certificate is compromised, there’s no straightforward way to invalidate it, as there is with certificates issued by trusted CAs.
- Limited Use Cases: Self-signed certificates might be suitable for limited use cases, such as testing and development environments where the focus is on encryption rather than establishing trust. In production environments or when handling sensitive data, it’s generally recommended to use certificates issued by well-known and trusted CAs.
In summary, self-signed certificates can provide encryption for data transmission, but they lack the trust and security features provided by certificates issued by trusted CAs. If security and trust are important in your application, it’s advisable to use certificates from reputable CAs. If you choose to use self-signed certificates, be aware of the limitations and potential risks associated with them.
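The trust behaviour discussed above, as an added example that is not part of the original thread: a self-signed certificate is rejected by default, accepted once it is explicitly trusted, and a different self-signed certificate with the same name is still rejected. It assumes the `openssl` CLI is installed; the function names and the throwaway `CN=localhost` certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: throwaway certificates for CN=localhost (constructed values).

# Create a self-signed certificate; writes <prefix>.key and <prefix>.crt.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=localhost" \
    -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Succeeds only if the certificate chains to the system's default trust store.
verify_default() {
  openssl verify "$1" 2>&1 | grep -q ': OK$'
}

# Succeeds only if <cert> ($1) chains to the explicitly trusted file <anchor> ($2).
verify_against() {
  openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

# SHA-256 fingerprint, to compare out of band before trusting a certificate,
# since no CA vouches for a self-signed one.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
  local d; d=$(mktemp -d)
  make_self_signed "$d/server"   # the certificate the local service uses
  make_self_signed "$d/other"    # a different self-signed cert with the same CN
  verify_default "$d/server.crt" && echo "default store: accepted" \
                                 || echo "default store: rejected"
  verify_against "$d/server.crt" "$d/server.crt" && echo "explicitly trusted: accepted"
  verify_against "$d/other.crt" "$d/server.crt"  || echo "look-alike cert: rejected"
  echo "fingerprint to confirm before trusting: $(fingerprint "$d/server.crt")"
  rm -rf "$d"
}
demo
```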