Certificates

[Achim Gratz]

Hal Murray via devel writes:
> Suppose you don't trust all those CAs.  What can you do?

Then they shouldn't be in your trust root to begin with.  It's easy
enough to remove a CA source file from the system cert store and rebuild
it, although what to do is slightly different on each system.

> One option is to extract the appropriate certificate from the installed root 
> collection.

That's CA pinning rather than certificate pinning.  It only makes sense
(to me anyway) if you expect to have multiple different certificates
that refer to that CA, so maybe if you have a local CA that you don't
want to advertise system-wide.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds