[XorNot]

Actually what's really broken is the way we've approached implementations. Recently I was trying to get a self-signed certificate for myself trusted by Python urllib3...I still don't know how to do it. It uses a completely separate trust-store. As does half a dozen other things on my system.

[goldman60]

Java is literally the worst as well. The Java truststore doesn't even have all the certs that every major browser supports. I'm looking at you StartSSL.