All documentation assumes your terminal is in this directly (cd https-tls/hot-reload).
We put the self-signed certificate in this directory as an example but your browser would complain that it isn't secure. So we recommend to use mkcert to trust it. To use local CA, you should run:
$ mkcert -installIf you want to generate your own cert/private key file, then run:
$ mkcert -key-file key.pem -cert-file cert.pem 127.0.0.1 localhost$ RUST_LOG=info,example=debug cargo run
Starting HTTPS server at https://localhost:8443Reload the server by modifying the certificate metadata:
$ touch cert.pemFor a deeper inspection, use a tool like inspect-cert-chain between refreshes of the cert/key files using mkcert as shown above:
$ inspect-cert-chain --host=localhost --port=8443
...
Serial Number:
06:81:db:16:ff:c4:73:69:73:69:ae:d1:0e:3d:d1:5e
...
$ mkcert -key-file key.pem -cert-file cert.pem 127.0.0.1 localhost
...
$ inspect-cert-chain --host=localhost --port=8443
...
Serial Number:
00:a8:39:e7:aa:2e:73:18:f6:4e:d5:71:1e:c7:21:51:58
...Observing a change in the serial number without restarting the server demonstrates that the setup works.
- HTTPie:
http --verify=no :8443 - cURL:
curl -v --insecure https://127.0.0.1:8443 - Browser: navigate to https://127.0.0.1:8443
