9 comments

[ 3.1 ms ] story [ 31.1 ms ] thread
This seems to be just a way to generate a wildcard cert with a custom CA with many layers of subdomain? At first I thought it was an exploit that meant it was accepted out of the box on all browsers, which would have been concerning.
Yeah, this post needs "self-signed" added to the title.
This reminds me of how someone tried to reduce Linux kernel size with removing spaces from sources :)
Agreed. I was concerned this had been signed by a CA via some zero-day exploit in their domain ownership validation process!
Great idea, it's a pain to generate these certs. It's nice just to be able to download one that just works on git
Clickbait headline. Headline implies something that is trusted by the web pki, which this cleary isnt.
It wasn't my intent to imply that. However, it would be possible for a trusted CA to issue a certificate like this, which would allow anyone holding it to intercept any SSL traffic without raising alarms.