tedunangst 2 years ago
Run your own CA and choose your roots carefully didn't make the cut.

fanf2 2 years ago
A bit difficult when providing services to third parties who can use any client software :-/

tedunangst 2 years ago
That's actually probably easier than getting a browser to work with a forbidden cert, how dare you.

justsomehnguy 2 years ago
Yes, but if you can serve multiple certificates on one endpoint (think SNI) then you can add your own self-signed or private PKI certificate to be able to check if all your requests are being intercepted by a lazy adversary.
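
One way a client could run the canary check described in the last comment, as an added example that is not part of the thread: connect with a dedicated SNI name and compare the leaf certificate's SHA-256 fingerprint with a pinned value. The hostname `canary.example.net`, the function names and the sample certificate bytes are assumptions made up for illustration.

```python
import hashlib
import hmac
import socket
import ssl

def normalize_fp(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' and return lowercase hex."""
    return fp.replace(":", "").strip().lower()

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate."""
    return hashlib.sha256(der).hexdigest()

def fetch_leaf_der(host: str, sni: str, port: int = 443, timeout: float = 5.0):
    """Return the DER leaf certificate the endpoint presents for `sni`.

    Chain validation is off for this probe only: the private-PKI canary
    certificate is not in any public trust store, and the pin comparison
    in check_canary() takes the place of chain validation.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)

def check_canary(observed_der, pinned_fp: str) -> str:
    """Classify what was presented on the canary SNI name."""
    if not observed_der:
        return "no-certificate"
    if hmac.compare_digest(fingerprint(observed_der), normalize_fp(pinned_fp)):
        return "canary-intact"
    # Something on the path answered with a different certificate.
    return "canary-replaced"

# Constructed stand-ins for DER bytes (not real certificates), so the
# comparison logic can be exercised offline.
SAMPLE_CANARY_DER = b"constructed-private-pki-leaf"
SAMPLE_SUBSTITUTED_DER = b"constructed-interceptor-leaf"
PINNED_FP = fingerprint(SAMPLE_CANARY_DER)

if __name__ == "__main__":
    # Hypothetical hostnames; replace with your own endpoint and canary name.
    der = fetch_leaf_der("service.example.net", sni="canary.example.net")
    print(check_canary(der, PINNED_FP))
```

A `canary-intact` result only rules out an interceptor that re-signs every connection to the endpoint; one that passes the canary name through untouched is not detected by this check.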