← Back to context Comment by tedunangst 3 years ago Run your own CA and choose your roots carefully didn't make the cut. 3 comments tedunangst Reply fanf2 3 years ago A bit difficult when providing services to third parties who can use any client software :-/ tedunangst 3 years ago That's actually probably easier than getting a browser to work with a forbidden cert, how dare you. justsomehnguy 3 years ago Yes, but if you can serve multiple certificates on one endpoint (think SNI) then you can add your own self-signed or private PKI certificate to be able to check if all your requests are being intercepted by a lazy adversary.
fanf2 3 years ago A bit difficult when providing services to third parties who can use any client software :-/ tedunangst 3 years ago That's actually probably easier than getting a browser to work with a forbidden cert, how dare you. justsomehnguy 3 years ago Yes, but if you can serve multiple certificates on one endpoint (think SNI) then you can add your own self-signed or private PKI certificate to be able to check if all your requests are being intercepted by a lazy adversary.
tedunangst 3 years ago That's actually probably easier than getting a browser to work with a forbidden cert, how dare you.
justsomehnguy 3 years ago Yes, but if you can serve multiple certificates on one endpoint (think SNI) then you can add your own self-signed or private PKI certificate to be able to check if all your requests are being intercepted by a lazy adversary.
A bit difficult when providing services to third parties who can use any client software :-/
That's actually probably easier than getting a browser to work with a forbidden cert, how dare you.
Yes, but if you can serve multiple certificates on one endpoint (think SNI) then you can add your own self-signed or private PKI certificate to be able to check if all your requests are being intercepted by a lazy adversary.