@JW0914 I'll tell you, @lleachii might not trust even after demo
You really don't get it...
- So not only do you trust PKI for LAN
- You want them ALL to issue * certs to ANYONE ON PLANET EARTH!!!
BEWARE OF @arjuniet and this theory for devices you own!
Yes, it should have been excepted:
When anyone buys a router
Install firmware
Get internet
Install SSL libraries
Forget all other things
Register a domain and get a wildcard certificate for that for free
After that, ask me how to use this certificate on a private LAN; you can even Google
If not, I'll install for you. If unsuccessful I will quit this group. If installed successfully, @lleachii (anything you want to say?)
OK...I understand...let me ask you:
When you say Wildcard ...do you mean ROOT DNS DOMAIN?
Because that's what I understand, and you are not the owner of the ROOT DOMAIN, so you cannot receive such a cert.
If you have a domain, openwrt.org for example, if not an eTLD like gov.fr or other, a CA can issue a *.openwrt.org certificate for you.
You can use it on any subdomains, anything.openwrt.org
CORRECT!
That is not the wildcard the OpenWrt device refers to. You can install a cert for a domain you purchased (or used Let's Encrypt for).
Please explain any vulnerability now. I am truly interested.
I am really not getting now what you want to know. I can't explain to you, dude. If you have any specific doubt, tell me frankly and I'll try to help.
You got to know now what I was trying to explain?
The Router generates a Cert for this (you cannot legally buy one):
Dude, why did you reach root name servers?? I never talked about it.
I am talking about ROOT CA.
Please re-read.
Yes, what's wrong in it?
This? I think
The router is "root of trust" (as far as its configs and its configuration consoles are concerned).
Leave it, dude. You don't seem to accept anything that I am saying, so please let it go.
One bug allowed someone with control of a subdomain to claim control of the whole root domain for certificates.
Do you understand now?
Dude, you know nothing about SSL/TLS or crypto... that's it... accept this truth... I won't reply to you now on this.
Bye, tc
Then...I leave everyone else to think...
Again...
To implement any of @arjuniet's suggestions, you still need to purchase a domain, DDNS, etc... until @arjuniet posts about Let's Encrypt on OpenWrt.
I gave it a thought. I think the conflict is because I am having an impression of not just the home users, but more about the public Wi-Fi hotspots, as that is my field of experience.
To end this thread with some positive experience, let me tell you some of the use cases where it's better to have a Trusted ROOT CA signed certificate (by trusted I mean trusted by your client device, not by ARJUN)