-
I'm having an idea.
It has been observed that as soon as you get a cert from Let's Encrypt you get hit with some bots following the CT logs for new targets. Sometimes I have services that I want to be public but mostly I will be the only one accessing them, maybe a couple friends. So why not just self-sign and run my own CA for them? I've operated a private CA before; this isn't rocket science or anything, it just never seemed worth it.
Bonus: some bots, scrapers, and crawlers won't even bother you
-
@feld Plenty of apps offer no way of accessing services without a valid certificate signed by someone in the system store, some even go as far as bundling said certs with itself (pretty sure Pleroma did that with certifi at one point). Writing from Husky right now, which completely ignores certificates from the user's store; I had to be rooted and use some Magisk module to drop my root CA in the system's store to be able to log in to my instance via LAN domain.
-
@mint Pleroma still ships one (two actually lol but both projects use the same source)
If Android apps don't use the system store I guess it's an Android bug. Shouldn't be possible. AFAIK apps can only use the system store on iOS. And it's easy to add your own CA to it.