* Re: [gentoo-user] app-misc/ca-certificates
@ 2021-06-01 21:38 99% ` Michael Orlitzky
0 siblings, 0 replies; 1+ results
From: Michael Orlitzky @ 2021-06-01 21:38 UTC (permalink / raw
To: gentoo-user
On Tue, 2021-06-01 at 15:25 -0600, Grant Taylor wrote:
>
> The proper way configure certificates is:
>
> 1) Create a key on the local server.
> 2) Create a Certificate Signing Request (a.k.a. CSR) which references,
> but does not include, the key.
> 3) As a CA to sign the CSR.
> 4) Use the certificate from the CA.
>
> The important thing is that the key, which is integral to the encryption
> *NEVER* *LEAVES* *YOUR* *CONTROL*!
>
*Any* CA can just generate a new key and sign the corresponding
certificate. All browsers will treat their fake certificate
corresponding to the fake key on their fake web server as completely
legitimate. The "real" original key that you generated has no special
technical properties that distinguish it.
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-05-29 1:08 [gentoo-user] app-misc/ca-certificates zcampe
2021-05-29 6:26 ` Walter Dnes
2021-06-01 4:45 ` J. Roeleveld
2021-06-01 5:15 ` William Kenworthy
2021-06-01 21:25 ` Grant Taylor
2021-06-01 21:38 99% ` Michael Orlitzky
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox