• ttmrichter
    link
    fedilink
    arrow-up
    2
    ·
    3 years ago

    The cert is self-signed. There is by definition no CA key! Anybody accessing that sight, unless they did something phenomenally stupid, is going to have to validate access by self-signed cert on each access. And that means that any MitM isn’t going to flag any alarms … because they’d be inserting themselves as a self-signed cert.

    • pinknoise
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      The cert is self-signed. There is by definition no CA key!

      Sure, it’s even in the terminology you use self-signed. They used their own CA to sign the certificate.

      And that means that any MitM isn’t going to flag any alarms

      The fingerprints are going to change and it will be signed by another CA. So MitM-attempts are pretty obvious.

      • ttmrichter
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        Are you thick or are you trolling? (Serious question.)