by
perching_aix
482 days ago
I believe so. You'll need to disable CT enforcement / or add your SPKI hash to the ignore list in the browser settings temporarily to get it working. [0] I guess this is also how corporations get around this issue? Still unsure.
[0] https://wiki.mozilla.org/SecurityEngineering/Certificate_Tra...
mcpherrinm
482 days ago
No. CT is only required for public CAs. You only need those browser policy settings if you’re using a public CA without CT.
perching_aix
482 days ago
I'd imagine this is why certs that terminate in root certificates manually added to the trust store will work fine then [as stated by other comments]?
mcpherrinm
481 days ago
Right, any CA you add yourself that isn’t part of what Mozilla ships isn’t considered a publicly trusted CA.