Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups: comp.sys.raspberry-pi
Subject: Re: Chromium and self-signed certificates
Date: Mon, 2 Sep 2024 03:46:39 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <vb3ceu$1r1t9$9@dont-email.me>
References: <v9g9tq$14v2$1@dont-email.me>
	<wwvfrr72n8d.fsf@LkoBDZeT.terraraq.uk> <v9lbmq$115gc$1@dont-email.me>
	<vatpki$n4it$1@dont-email.me> <wwvwmjxkpwi.fsf@LkoBDZeT.terraraq.uk>
	<vb0c6u$17650$1@dont-email.me> <vb1665$1dlt4$12@dont-email.me>
	<vb23q2$1huca$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 02 Sep 2024 05:46:39 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="0461de2c4cabc231a24885f70066d9c2";
	logging-data="1935273"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19IDuYXDYRcuv2QKOYT/tJV"
User-Agent: Pan/0.160 (Toresk; )
Cancel-Lock: sha1:X4ewoA73AH6h4eTJymZNxBfzEFs=
Bytes: 1694

On Sun, 1 Sep 2024 16:12:50 -0000 (UTC), bp wrote:

> In principle it would make sense to make a root CA for the three domains
> (zefox.com, zefox.net and zefox.org) under my control but if I disturb
> that one CA up all three become unreliable.

If these are names intended to be accessed by the general public, then you 
need certs signed by official CAs that are trusted as standard by the 
browsers that the general public uses.

Setting up your own private CA only works for authentication between 
machines that you control.