Yggdrasil Auth
#11
Saving the root CA is a nice idea, and it should work, until either the root CA and or any of the intermediate CAs go out of validity, which is in 2030+. Elegant solution.
I don't think the server has more certificates, because each cert is paid and why get more if you can reuse the same cert as long as the domain name matches?
Reply
Thanks given by:
#12
Also, what if they change CA?
Reply
Thanks given by:
#13
Stick another root cert in. Servers can't have multiple certs but in this situation we're the client so we can have as many certs as we can fit on the drive.

@xoft Saving the root CA is elegant, that's why everyone does that.
Reply
Thanks given by:
#14
Yeah, everyone does that and look where it got them - now they can't easily revoke certs after heartbleedTongue
I don't like the idea of keeping multiple CA certs and having to take care of them. I'm willing to do this if the cert doesn't change; the first time it changes, the code goes out and we use fingerprints.
Reply
Thanks given by:




Users browsing this thread: 4 Guest(s)