Thib
I might have found a bug in Proxmox, but I somehow doubt I'm the first person to stumble upon it.
TLDR: Proxmox generates a self-signed certificate that I want my laptop to trust, but it looks like the CA cert is missing a crucial key usage extension.
Have you already stumbled upon it? Am I holding it wrong?
https://forum.proxmox.com/threads/the-root-ca-seems-doesnt-contain-the-key-usage-extension.169961/
Mauricio Teixeira 🇧🇷🇺🇲
@thibaultamartin @koyax @mmeier
I would not at all be surprised if that was done on purpose, to make you want to create a proper certificate (even if using a private CA).
Thib
@koyax The CA cert Proxmox generates is missing a keyUsage property, which means libraries won't trust it even after adding it to my trust store :)
Lars
@thibaultamartin Not sure if it is really a bug. It's called "self singed certificate" because it signs itself without a ca.
Maybe use acme to create a let's encrypt one 🤓.
Edit: Happy self hosting!
Mauricio Teixeira 🇧🇷🇺🇲
@thibaultamartin @koyax @mmeier
Then in this case you would be advocating for a fully insecure environment, which is bad PR.
Thib
@badnetmask @koyax @mmeier Wouldn’t they just not issue a certificate at all if that were the case?
Mauricio Teixeira 🇧🇷🇺🇲
@thibaultamartin @koyax @mmeier
Then in this case you would be advocating for a fully insecure environment, which is bad PR. Having some encryption is better than no encryption at all.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.