On Tuesday 10 October 2017 at 17:37:44, B Hirsch wrote:
> What are the security vulnerabilities with trusting your own private root
If *you* created the certificate and *you* control the CA, so you *know* what
certificates it has signed, I don't see that there are any vulnerabilities.
A browser will warn you that the certificate is untrusted, because it cann't
verify the CA from its list of built-in CAs, but once you've added your own CA
certificate to the browser, all your own signed certificates will be trusted.
The only vulnerability I can imagine is if you install the CA certificate to a
bunch of browsers, and then someone manages to get at your CA and sign a
certificate you don't want them to.
In this case protecting the CA is the important part (as is the case for all
<flopsie> yes, but this is #lbw, we don't do normal