Sujet : Re: Chromium and self-signed certificates
De : <bp (at) *nospam* www.zefox.net>
Groupes : comp.sys.raspberry-piDate : 07. Sep 2024, 02:39:00
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vbgark$10tpi$1@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10 11
User-Agent : tin/2.6.2-20221225 ("Pittyvaich") (FreeBSD/14.0-RELEASE-p9 (arm64))
Lawrence D'Oliveiro <
ldo@nz.invalid> wrote:
On Sun, 1 Sep 2024 22:49:42 -0000 (UTC), bp wrote:
Are the certificates and keys the same between SSH and TLS?
The basic encryption algorithms may be the same, but the usage is a little
different. SSH has no concept of “certificates”, only of “host keys”
versus “user keys”. Each key is of course actually a key pair, consisting
of a public key (freely redistributable, but recipients need to be sure
they get them from a trusted source) and a corresponding private key
(never to be disclosed to anybody else).
There is a file in your SSH client config called “known_hosts”, which
contains the public host keys of all the hosts you’ve previously connected
to; this is used to guard against somebody trying to impersonate any of
those hosts when you next try to connect.
I was confusing host keys and server certificates. One more puzzle down.
Your scripts seem to work on both FreeBSD and RasPiOS. Now to see if
I can stumble through making them work between _between_ FreeBSD and
RasPiOS. One obvious question is setting the "listen_addr" in the
try_server script. Can it be set to "any" or a range by IP or FQEN?
A list would be fine, I have only eight addresses total.
Thank you!
bob prohaska
Chromium and self-signed certificates
Re: Chromium and self-signed certificates
