Certificate Patrol

5 ਤਾਰਿਆਂ ਵਿੱਚ 5 ਮਿਲੇ

ਵੱਲੋਂ jncvd ਅਗ 2, 2011 ਤੇ · ਪਰਮਾਲਿੰਕ

Righteous! Love this to death.

Edited for dev reply: SQLite: excellent. Mostly what I'm asking for is: in addition to the lovely host/domain ignore list you added, also a "host/domain to only check CA list". Keep it all centralized, and make it easy to only check CA for *.google.com, *.googleusercontent.com. and so on.

Right now, I have to check this box for *every certificate*, and it's a long, long slog. Then, when the cert expires in a-year-or-whatever: I have to re-check all those boxes for all those certificates. Too much effort.

I *want* to know if the issuance chain has *completely changed* on, say, Google certificates; I'd rather not ignore them entirely. However, until I can "semi-ignore" entire domains, it's very tempting to dump *.g*.com into the ignore list. Or disable Certificate Patrol entirely.