What are the best practices to work with https/certificates in a project? Should I commit the certificate to the repository? Should I use the production certicate in my development environment?

I never really worked using https, recently I got to work in a project that requires https intead of http. It was quite easy to convert the http setup to https, but I have some doubts about how to handle certificates. From what I saw, the other developers from another project put the certificates inside a folder and commited it to the repository and used it in the development and production evironments.I don't think this is the best practice in this case, so I put the certificates in the gitignore and tryed to set up an self-signed certificate using openssl to work in development environment. The only thing that doesn't seem to work is that chrome browser complains about this certificate and I have to setup postman to accept it.What advice would you give me?

Submitted October 01, 2019 at 01:44AM by eliseu_videira