The rest-server documentation says:
Signed certificate is normally required by the restic backend, but if you just want to test the feature you can generate password-less unsigned keys with the following command:
openssl req -newkey rsa:2048 -nodes -x509 -keyout private_key -out public_key -days 365 -addext "subjectAltName = IP:127.0.0.1,DNS:yourdomain.com"
That left me confused. What about the above means that it's only for testing? Is it that it's password-less or unsigned keys (whatever that means)?
As far as I know, the certificate grants cryptographic security that the client is talking to the correct server. The rest-server authentication password grants knowledge that the server is talking to an authorized client.
So far so good. But is there anything else? Am I missing something? Or should we amend the documentation a bit?
Alexander mentions the security here and from that I also deduce that it should be fine. But I would like confirmation from someone who knows more about it than I do.
Thank you.
And PS: It really was pretty easy getting the rest server HTTPS configured. Pretty nice!
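
What "unsigned" means for the quoted command, as an added example that is not part of the original post or of the rest-server documentation: the script generates the same kind of certificate, shows that its issuer and subject are the same name, and checks that the default trust store rejects it while a client told to trust that exact file accepts it. The `-subj` value, the function names and the temporary directory are assumptions added so the script runs non-interactively.

```shell
#!/bin/sh
# Added example (not from the rest-server docs): inspect the certificate that
# the quoted openssl command produces. Needs OpenSSL 1.1.1+ for -addext.

# Same command as quoted, plus -subj (an assumption) to avoid the prompts.
make_selfsigned() {
    openssl req -newkey rsa:2048 -nodes -x509 \
        -keyout "$1/private_key" -out "$1/public_key" -days 365 \
        -subj "/CN=yourdomain.com" \
        -addext "subjectAltName = IP:127.0.0.1,DNS:yourdomain.com" 2>/dev/null
}

# True when issuer == subject: no certificate authority vouched for this
# certificate, it vouches for itself.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# What a client does with no extra configuration: check against system CAs.
trusted_by_default() {
    openssl verify "$1" >/dev/null 2>&1
}

# What a client does when handed this exact certificate as its trust anchor.
trusted_when_pinned() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir"; then
    cert="$demo_dir/public_key"
    is_self_signed "$cert"      && echo "issuer == subject (self-signed)"
    trusted_by_default "$cert"  || echo "rejected by the default trust store"
    trusted_when_pinned "$cert" && echo "accepted when pinned as trust anchor"
fi
rm -rf "$demo_dir"
```

On the restic side, the `--cacert` option plays the role that `-CAfile` plays in this script.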