
Where to get an HTTPS certificate for localhost - tbodt
If you download the discord client, unpack it, and look in the bootstrap folder (which should be next to the app.asar folder), you&#x27;ll find discord_rpc.zip. Unpack that, look in data, and you&#x27;ll find this_is_not_a_security_issue.{crt,key} which is the public and private key for an HTTPS certificate for *.discordapp.io, which is a domain that resolves to 127.0.0.1. This could be useful for testing HTTPS on localhost.
======
schoen
This is not permitted by Comodo's policy. I am going to report this to Comodo.
Edit: contacting Discord first to let them know that they need to change this.

Please see the recent discussion on this practice (which mentions Discord):

[https://groups.google.com/forum/#!topic/mozilla.dev.security...](https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/eV89JXcsBC0)

Follow-up: I wrote to Discord to point out this m.d.s.p thread to them and am
holding off on my report to Comodo to wait to hear back from Discord about
their intentions.

Note that section 6.1.2 of the CA/Browser Forum Baseline Requirements says "If
the CA or any of its designated RAs become aware that a Subscriber’s Private
Key has been communicated to an unauthorized person or an organization not
affiliated with the Subscriber, then the CA SHALL revoke all certificates that
include the Public Key corresponding to the communicated Private Key."

------
viraptor
You can generate one for yourself. Look for tutorials on self-signed
certificates. You'll have to import the CA to your browser to make it trusted,
bit for testing that should be just fine.

