On Monday, March 5, 2018, Walter Dnes <waltdnes@××××××××.org> wrote:

> app-misc/ca-certificates splatters a bunch of files all over the
> place. Question... is there a utility to figure out which domains any
> particular certificate covers
>

A ca certificate may sign any domain cert, and new domains can be signed at
any time.

So any certificate is only as trusted as the least trustworthy ca in your
certificate store.... some people call this a dumpster fire. Certificate
transparency (logs of who issued what) helps reduce the risk of a dodgy ca
issuing a certificate they shouldn’t have without being noticed.

You can go the other way, and see which ca was used to sign any cert that a
server presents, as that info is included in the cert presented by the
server.
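
The check described in the reply above, as an added example that is not part of the original mail: it reads the issuer and the covered DNS names out of a certificate with the `openssl` command-line tool, and shows that a CA certificate itself lists no domains. It assumes `openssl` is installed; the CA, host names and file paths are constructed for the demo.

```shell
#!/bin/sh
# Constructed, offline demo: a throwaway CA ("Example Test CA") signs a
# server cert for www.example.test; all names and paths are made up.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
    printf 'subjectAltName=DNS:www.example.test,DNS:example.test\n' \
        > "$work/ext.cnf"
    openssl x509 -req -in "$work/leaf.csr" -days 1 \
        -CA "$work/ca.pem" -CAkey "$work/ca.key" -CAcreateserial \
        -extfile "$work/ext.cnf" -out "$work/leaf.pem" 2>/dev/null
}

# Issuer DN of a PEM cert: this is the "which CA signed it" field.
cert_issuer() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 -issuer | sed 's/^issuer= *//'
}

# DNS names a cert covers (subjectAltName), comma-separated; empty if none.
cert_names() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,]*' \
        | sed 's/^DNS://' | tr -d ' ' | paste -sd, -
}

# True if cert $2 chains to the single trusted CA file $1.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_demo_certs
echo "leaf issuer: $(cert_issuer "$work/leaf.pem")"
echo "leaf names : $(cert_names "$work/leaf.pem")"
echo "CA names   : $(cert_names "$work/ca.pem") (a CA cert lists no domains)"
signed_by "$work/ca.pem" "$work/leaf.pem" && echo "leaf chains to the demo CA"
# For a live server, save its cert first and pass the file to the functions:
#   openssl s_client -connect example.org:443 -servername example.org </dev/null \
#     | openssl x509 -out server.pem
```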