Y
Hacker News
new
|
ask
|
show
|
jobs
by
y0ghur7_xxx
2535 days ago
It has to be baked into the CA, so that a browser vendor can check it before inclusion. If the CA specifies domains it is not allowed to sign certificates for, it will not be included.