chore: improve cert-signed.sh and doc

Signed-off-by: Sebastian Davids <[email protected]>

Author: sdavids

README.adoc

@@ -456,7 +456,7 @@ $ npm run docker:run:secure
 
 [IMPORTANT]
 ====
-You need to create the necessary private key and certificate via <<cert_self_signed>>.
+One needs to create the necessary private key and certificate via <<cert_self_signed>>.
 ====
 
 ==== docker:sh
@@ -543,8 +543,35 @@ The generated certificate is valid for 10 days.
 
 ===== MacOS
 
-You need to add the created certificate to _Keychain Access_.
+One needs to add the created certificate to one's login keychain:
 
-Add `docker/app/cert.pem` to your "login" keychain and set _Secure Sockets Layer (SSL)_ to "Always Trust":
+[source,shell]
+----
+$ security add-trusted-cert -p ssl -k "$(security login-keychain | xargs)" docker/app/cert.pem
+----
+
+Check your login keychain in  _Keychain Access_; _Secure Sockets Layer (SSL)_ should be set to "Always Trust":
 
 image::src/docs/asciidoc/images/self-signed-macos.png[]
+
+[NOTE]
+====
+Chrome and Safari need no further configuration.
+====
+
+===== Firefox (MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT)
+
+One needs to bypass the https://support.mozilla.org/en-US/kb/error-codes-secure-websites#w_self-signed-certificate[self-signed certificate warning] by clicking on "Advanced" and then "Accept the Risk and Continue":
+
+image::src/docs/asciidoc/images/self-signed-firefox.png[]
+
+[NOTE]
+====
+One can delete the bypass via `Firefox > Preferences > Privacy & Security > Certificates`; click "View Certificates...":
+
+image::src/docs/asciidoc/images/self-signed-firefox-delete-1.png[]
+
+Click on the "Servers" tab:
+
+image::src/docs/asciidoc/images/self-signed-firefox-delete-2.png[]
+====

scripts/cert-self-signed.sh

@@ -24,6 +24,7 @@ readonly days="${1:-10}"
 
 mkdir -p docker/app
 
+# https://developer.chrome.com/blog/chrome-58-deprecations/#remove_support_for_commonname_matching_in_certificates
 openssl req \
     -newkey rsa:2048 \
     -x509 \
@@ -33,6 +34,6 @@ openssl req \
     -out docker/app/cert.pem \
     -subj '/CN=localhost' \
     -extensions EXT -config <( \
-       printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") \
+       printf "[dn]\nCN=localhost\n[req]\ndistinguished_name=dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") \
     -sha256 \
     -days "${days}"