Changeset View
Changeset View
Standalone View
Standalone View
src/docs/user/configuration/troubleshooting_https.diviner
Show All 26 Lines | |||||
Authority or "CA") to be accepted. If the CA for a certificate is untrusted, the | Authority or "CA") to be accepted. If the CA for a certificate is untrusted, the | ||||
connection will fail (this defends the connection from an eavesdropping attack | connection will fail (this defends the connection from an eavesdropping attack | ||||
called "man in the middle"). Normally, you purchase a certificate from a known | called "man in the middle"). Normally, you purchase a certificate from a known | ||||
authority and clients have a list of trusted authorities. | authority and clients have a list of trusted authorities. | ||||
You can self-sign a certificate by creating your own CA, but clients will not | You can self-sign a certificate by creating your own CA, but clients will not | ||||
trust it by default. They need to add the CA as a trusted authority. | trust it by default. They need to add the CA as a trusted authority. | ||||
For instructions on adding CAs, see `libphutil/resources/ssl/README`. | For instructions on adding CAs, see `arcanist/resources/ssl/README`. | ||||
If you'd prefer that `arc` not verify the identity of the server whatsoever, you | If you'd prefer that `arc` not verify the identity of the server whatsoever, you | ||||
can use the `https.blindly-trust-domains` setting. This will make it | can use the `https.blindly-trust-domains` setting. This will make it | ||||
dramatically easier for adversaries to perform certain types of attacks, and is | dramatically easier for adversaries to perform certain types of attacks, and is | ||||
**strongly discouraged**: | **strongly discouraged**: | ||||
$ arc set-config https.blindly-trust-domains '["example.com"]' | $ arc set-config https.blindly-trust-domains '["example.com"]' | ||||
Show All 37 Lines |