Menu
In the process of setting up an SSL certificate for my site, several different files were created,
Should these be added to .gitignore before pushing my site to github?
Apologies in advance if this is a dumb question.
821
Simple answer: store them in Keeper. With Keeper, these digital assets are fully encrypted locally on your device with 256-bit AES and the ciphertext is stored in Keeper's Cloud Security Vault.
Prepend GIT_SSL_NO_VERIFY=true before every git command run to skip SSL verification. This is particularly useful if you haven't checked out the repository yet. Run git config http. sslVerify false to disable SSL verification if you're working with a checked out repository already.
When pushing, pulling, or cloning, Git cannot verify your SSL certification, which leads to the error. A valid HTTPS handshake requires both the client and the server to create a secure connection, allowing for safe communication between your local machine and where the source code is hosted.
An SSL certificate is a file installed on a website's origin server. It's simply a data file containing the public key and the identity of the website owner, along with other information. Without an SSL certificate, a website's traffic can't be encrypted with TLS.
The certificate is essentially the public key. It is sent out to everyone that connects to the server. It can be stored in the repository. (The hint from @VonC is correct, code and data should be separated, but it can be e.g. in a separate repository for the deployment).
The most important is to make sure the *.key files are only readable by root ( SSL/TLS Strong Encryption: FAQ ). My experience is that it could be realized also to other files of the certificates (like *.crt for example). In some particular case, the localization can be different of course.
The directory permissions should be 700, the file permissions on all the files should be 600, and the directory and files should be owned by root. Show activity on this post. The most important is to make sure the *.key files are only readable by root ( SSL/TLS Strong Encryption: FAQ ).
The files have different content, and depending on that they require a different access control: server.csr: This is a certificate signing request file. It is generated from the key ( server.key in your case) and used to create the certificate ( site_name.crt in your case). This should be deleted when the certificate has been created.
Should these be added to .gitignore before pushing my site to github?
They should not be in the repo at all, meaning stored outside of the repo.
That way:
.gitignore,GitHub actually had to change it search feature back in 2013 after seeing users storing keys and passwords in public repositories. See the full story.
The article includes this quote:
The mistakes may reflect the overall education problem among software developers.
When you have expedited programs—"6 weeks and you'll be a real software developer"—to teach developing, security becomes an afterthought. And considering "90 percent of development is copying stuff you don't understand, I'd bet most of them simply don't know what id_rsa is"
In 2016, this "book" (as a joke) reflects that:
The OP adds:
I think Heroku requires putting the files into the repo in order to run "
>heroku certs:add server.crt server.key" and setup the cert.
"Configuration and Config Vars" is one illustration on that topic:
A better solution is to use environment variables, and keep the keys out of the code. On a traditional host or working locally you can set environment vars in your bashrc file. On Heroku, you use config vars.
The article "Heroku: SSL Endpoint" does not force you to have those key and certificate in your code. They can be generated directly on Heroku and saved anywhere else for safekeeping. Just not in a git repo.
123
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
