public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download: 
* Re: [gentoo-user] app-misc/ca-certificates
  @ 2021-06-01 21:38 99%         ` Michael Orlitzky
  0 siblings, 0 replies; 1+ results
From: Michael Orlitzky @ 2021-06-01 21:38 UTC (permalink / raw
  To: gentoo-user

On Tue, 2021-06-01 at 15:25 -0600, Grant Taylor wrote:
> 
> The proper way configure certificates is:
> 
> 1)  Create a key on the local server.
> 2)  Create a Certificate Signing Request (a.k.a. CSR) which references, 
> but does not include, the key.
> 3)  As a CA to sign the CSR.
> 4)  Use the certificate from the CA.
> 
> The important thing is that the key, which is integral to the encryption 
> *NEVER* *LEAVES* *YOUR* *CONTROL*!
> 

*Any* CA can just generate a new key and sign the corresponding
certificate. All browsers will treat their fake certificate
corresponding to the fake key on their fake web server as completely
legitimate. The "real" original key that you generated has no special
technical properties that distinguish it.




^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-05-29  1:08     [gentoo-user] app-misc/ca-certificates zcampe
2021-05-29  6:26     ` Walter Dnes
2021-06-01  4:45       ` J. Roeleveld
2021-06-01  5:15         ` William Kenworthy
2021-06-01 21:25           ` Grant Taylor
2021-06-01 21:38 99%         ` Michael Orlitzky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox