INTL 3:770/1 3:770/3
REPLYADDR bp@www.zefox.net
REPLYTO 3:770/3.0 UUCP
MSGID: a9fad0ee
REPLY: 0118dd0f
PID: SoupGate-Win32 v1.05
Lawrence D'Oliveiro wrote:
> On Sun, 1 Sep 2024 16:12:50 -0000 (UTC), bp wrote:
>
>> In principle it would make sense to make a root CA for the three domains
>> (zefox.com, zefox.net and zefox.org) under my control but if I disturb
>> that one CA up all three become unreliable.
>
> If these are names intended to be accessed by the general public, then you
> need certs signed by official CAs that are trusted as standard by the
> browsers that the general public uses.
>
> Setting up your own private CA only works for authentication between
> machines that you control.
I understand that's the general intention, but can't browsers be told
to trust a particular self-signed certificate by a user? That's what
I was trying to do in my initial experiment, but apparently didn't
construct the certificate correctly. If there's something else I'm doing
wrong it'd to good to know now. The facility to export and import
certificates to Chromium under Raspian Bookworm seems to suggest so.
Thanks for writing, and again for your patience!
bob prohaska
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
SEEN-BY: 10/0 1 90/1 103/705 105/81 106/201 124/5016 129/305 153/757
SEEN-BY: 153/7715 218/0 1 601 700 840 870 930 220/70 221/1 6 360 226/17
SEEN-BY: 226/30 100 227/114 229/110 111 114 200 206 300 317 400 426
SEEN-BY: 229/428 470 550 616 664 700 240/1120 266/512 267/800 282/1038
SEEN-BY: 291/111 292/854 301/1 113 812 310/31 320/219 322/757 335/364
SEEN-BY: 341/66 342/200 396/45 460/58 633/280 712/848 770/1 3 100
SEEN-BY: 770/330 340 772/210 220 230 5020/400 1042 5058/104 5075/35
PATH: 770/3 1 218/840 221/6 301/1 218/700 229/426
|
