How to transition from a local Django development server to a restricted public test server?
One possible idea is to give testers client-side X509 certificates.
- A person enters their certificate and private key into their browser. In my Firefox it's in Preferences -> Privacy -> scroll to the very bottom -> View Certificates -> tab Your Certificates -> Import
- Your end of SSL/TLS connection (nginx reverse proxy, haproxy, apache, etc) although listens on a public 443 port, is configured not only to serve the usual server-side certificate, but also to require a successful verification of a client-side certificate (you configure to only accept tester's certificates obviously).
- These are advanced SSL/TLS options on your end, so for example AWS ALB implementation of https is insufficient.
- Only https usage can be authorized this way, not plaintext http.
- This doesn't impact contents of http GET/POST/cookie at all, therefore it doesn't impact authentication schemes at these levels.
- Unauthorized browsers display an SSL/TLS error - they cannot pass any GET/POST whatsoever.