Without divulging TOO much information, I need to set up a web server system that is intended to be used by end users all over the internet.
the use case is such tha
I had this same requirement. So the reason why you have to use SSL is because just about every browser now barfs if you use https and try to connect to an http resource even if the http resource is on localhost which is silly to me.
Because of JS SOP our localhost web server serves up a js file and then the JS inside the webapp can make calls to this localhost webserver.
So we made local.example.com point to 127.0.0.1 and actually bought an SSL certificate for this hostname. We then ship the private key inside this web server which gets installed on the user's computer. Yes, we're crazy.
All of this actually works quite well. We've been running like this with a few hundred users for about 6 months now.
The only problem we sometimes run into is that this doesn't work right when a user is using a proxy server. The requests are sent to the proxy server and it tries to connect to 127.0.0.1 at the proxy server which obviously doesn't work. The work-around is to add an exclusion to the proxy server config so that it bypasses the proxy server for requests to local.example.com.
Another scenario where it will get a little tricky is when users try to use Citrix or Terminal Services. You have to make sure the web server for each user is running on a different port and then inform your remote web server of the port number so that pages generated on the server will have the right port number. Fortunately we haven't run into this yet. It also seems like more people are using virtual machines these days instead of Citrix.
Did you ever find a better way?
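
The proxy exclusion described in the answer above can be expressed as a proxy auto-config (PAC) file. This is an added example, not part of the original post: `FindProxyForURL` is the standard PAC entry point, `local.example.com` is the hostname from the post, and the proxy address and helper function names are hypothetical placeholders.

```javascript
// Added example (not from the original post): PAC logic that sends requests
// for the loopback helper hostname DIRECT instead of through the proxy.
var LOCAL_HELPER_HOST = "local.example.com";       // hostname from the post
var PROXY_RULE = "PROXY proxy.corp.example:8080";  // hypothetical proxy address

// Normalise the host argument: lower-case it, strip one trailing dot
// (fully-qualified form) and strip IPv6 brackets if a caller passes them.
function normaliseHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") h = h.slice(0, -1);
  if (h.charAt(0) === "[" && h.charAt(h.length - 1) === "]") h = h.slice(1, -1);
  return h;
}

// True for literal loopback names: "localhost", ::1 and anything in 127.0.0.0/8.
function isLoopbackLiteral(h) {
  if (h === "localhost" || h === "::1") return true;
  var m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (m === null) return false;
  return m.slice(1).every(function (octet) { return Number(octet) <= 255; });
}

// Standard PAC entry point: the browser calls this for every request.
function FindProxyForURL(url, host) {
  var h = normaliseHost(host);
  // Exact match only. A substring or suffix test would also exempt unrelated
  // names that merely contain the helper hostname, which would let that
  // traffic skip the proxy's filtering and logging.
  if (h === LOCAL_HELPER_HOST || isLoopbackLiteral(h)) return "DIRECT";
  return PROXY_RULE;
}
```

Because the match is exact, only the helper hostname and literal loopback addresses bypass the proxy; everything else still goes through it.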