How would said malicious JS then install the generated phony certificate in your... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kelnos on Oct 18, 2014 \| parent \| context \| favorite \| on: FFS SSL How would said malicious JS then install the generated phony certificate in your browser's cert store?

antsar on Oct 19, 2014 [–]

I'm talking about the step where StartSSL generates an SSL private key for you in the browser (unless you know to click "Skip"). No need to install anything in a browser store, it just brings you to a page with a generated SSL certificate using that key.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact