For example, anyone could use Let’s Encrypt to get a trusted certificate, so what makes this trustworthy? Or why not trust everyone that signs their own certificates with a program like OpenSSL?

  • @[email protected]
    link
    fedilink
    English
    31 year ago

    You still have to provide some proof that you are who you say you are by publishing a specific webpage on the site that will get the certificate or by publishing a specific DNS record on the domain. Self-signed certs don’t have that requirement so people could make certs for google.com if they wanted to.