The cert is self-signed. There isby definition no CA key! Anybody accessing that sight, unless they did something phenomenally stupid, is going to have to validate access by self-signed cert on each access. And that means that any MitM isn’t going to flag any alarms … because they’d be inserting themselves as a self-signed cert.
The cert is self-signed. There is by definition no CA key! Anybody accessing that sight, unless they did something phenomenally stupid, is going to have to validate access by self-signed cert on each access. And that means that any MitM isn’t going to flag any alarms … because they’d be inserting themselves as a self-signed cert.
Sure, it’s even in the terminology you use self-signed. They used their own CA to sign the certificate.
The fingerprints are going to change and it will be signed by another CA. So MitM-attempts are pretty obvious.
Are you thick or are you trolling? (Serious question.)