Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: <bp@www.zefox.net>
Newsgroups: comp.sys.raspberry-pi
Subject: Re: Chromium and self-signed certificates
Date: Sun, 1 Sep 2024 16:12:50 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 29
Message-ID: <vb23q2$1huca$1@dont-email.me>
References: <v9g9tq$14v2$1@dont-email.me> <wwvfrr72n8d.fsf@LkoBDZeT.terraraq.uk> <v9lbmq$115gc$1@dont-email.me> <vatpki$n4it$1@dont-email.me> <wwvwmjxkpwi.fsf@LkoBDZeT.terraraq.uk> <vb0c6u$17650$1@dont-email.me> <vb1665$1dlt4$12@dont-email.me>
Injection-Date: Sun, 01 Sep 2024 18:12:51 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="5705dda1b4a9d2187a4a660b805edbac";
	logging-data="1636746"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19Y02eM8oQkoYKGRmwmNmobwos1Kor3tjo="
User-Agent: tin/2.6.2-20221225 ("Pittyvaich") (FreeBSD/14.0-RELEASE-p9 (arm64))
Cancel-Lock: sha1:GuYCKIEz5IWPeVpL3aWmM/3VuX8=
Bytes: 2079

Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
> On Sun, 1 Sep 2024 00:23:58 -0000 (UTC), bp wrote:
> 
>> Lawrence D'Oliviero's reply following yours touches on what I suspect is
>> my greatest misunderstanding: I thought a self-signed certificate stood
>> on its own.
> 
> You can do it that way. That requires importing every single self-signed 
> cert one by one. 

That's what I thought the instructions cited in the FreeBSD Handbook did
and what I was trying to do initially.  


> If you need several of these, then setting up your own CA 
> just makes things simpler. 

It appears there's something fundamental that I'm not understanding 8-(

In principle it would make sense to make a root CA for the
three domains (zefox.com, zefox.net and zefox.org) under my control
but if I disturb that one CA up all three become unreliable. I'm
starting with one domain (and its only physical host) in an attempt
to grade the learning curve a little flatter. 

Thanks for writing!

bob prohaska