On Sat, Sep 30, 2023 at 07:40:34PM +0530, General Email wrote:
> By the way, I don't understand how the default certificate can be abused.

It is not signed by a trusted CA, hence your browser cannot tell if it
is speaking to your legitimate web server, or to some malware lurking
in between. Perhaps your web traffic is not worth being eavesdropped, but
consider a malware could inject an exploit against your browser in your
web traffic. The attacker could just be an infected machine on the same
LAN.

The security level of an untrusted certificate is not much better than
plain text HTTP.

-- 
Emmanuel Dreyfus
m...@netbsd.org
