Changeset View
Changeset View
Standalone View
Standalone View
src/docs/user/configuration/troubleshooting_https.diviner
| Show All 26 Lines | |||||
| Authority or "CA") to be accepted. If the CA for a certificate is untrusted, the | Authority or "CA") to be accepted. If the CA for a certificate is untrusted, the | ||||
| connection will fail (this defends the connection from an eavesdropping attack | connection will fail (this defends the connection from an eavesdropping attack | ||||
| called "man in the middle"). Normally, you purchase a certificate from a known | called "man in the middle"). Normally, you purchase a certificate from a known | ||||
| authority and clients have a list of trusted authorities. | authority and clients have a list of trusted authorities. | ||||
| You can self-sign a certificate by creating your own CA, but clients will not | You can self-sign a certificate by creating your own CA, but clients will not | ||||
| trust it by default. They need to add the CA as a trusted authority. | trust it by default. They need to add the CA as a trusted authority. | ||||
| For instructions on adding CAs, see `libphutil/resources/ssl/README`. | For instructions on adding CAs, see `arcanist/resources/ssl/README`. | ||||
| If you'd prefer that `arc` not verify the identity of the server whatsoever, you | If you'd prefer that `arc` not verify the identity of the server whatsoever, you | ||||
| can use the `https.blindly-trust-domains` setting. This will make it | can use the `https.blindly-trust-domains` setting. This will make it | ||||
| dramatically easier for adversaries to perform certain types of attacks, and is | dramatically easier for adversaries to perform certain types of attacks, and is | ||||
| **strongly discouraged**: | **strongly discouraged**: | ||||
| $ arc set-config https.blindly-trust-domains '["example.com"]' | $ arc set-config https.blindly-trust-domains '["example.com"]' | ||||
| Show All 37 Lines | |||||