| 1 |
On Monday, March 5, 2018, Walter Dnes <waltdnes@××××××××.org> wrote: |
| 2 |
|
| 3 |
> app-misc/ca-certificates splatters a bunch of files all over the |
| 4 |
> place. Question... is there a utility to figure out which domains any |
| 5 |
> particular certificate covers |
| 6 |
> |
| 7 |
|
| 8 |
A ca certificate may sign any domain cert, and new domains can be signed at |
| 9 |
any time. |
| 10 |
|
| 11 |
So any certificate is only as trusted as the least trustworthy ca in your |
| 12 |
certificate store.... some people call this a dumpster fire. Certificate |
| 13 |
transparency (logs of who issued what) helps reduce the risk of a dodgy ca |
| 14 |
issuing a certificate they shouldn’t have without being noticed. |
| 15 |
|
| 16 |
You can go the other way, and see which ca was used to sign any cert that a |
| 17 |
server presents, as that info is included in the cert presented by the |
| 18 |
server. |
Archives