Filippo Valsorda

The server did not load the mkcert certificate for some reason. You can see the reported Issuer is “localhost” while mkcert certificates all have an Issuer that starts with “mkcert”...

I'd be happy to add it to the supported DBs if someone can find out where the Insomnia's root store is.

AFAIK, the 397 days requirement is only applied to the system roots, not to user-installed roots. Does this only apply to rooted Android devices where the mkcert root is added...

Was the mkcert root added to the system store by rooting Android?

Does the Swift script still work as of macOS 12.3.1? I tried it and the `SecTrustSettingsSetTrustSettings` invocation still pops up a dialog on my machine. Interestingly enough, the dialog doesn't...

Looks like GitHub is indeed still using this script. I tried figuring out why it works on their runners and couldn't reproduce uninteractive behavior. https://github.com/actions/virtual-environments/blob/main/images/macos/provision/configuration/configure-machine.sh

Whatever is going on is inconsistent with the `SecTrustSettingsSetTrustSettings` docs. > When making changes to system-wide trust settings, the user is prompted with an alert panel asking for an administrator’s...

Sure, we just need to know two things: where the profile folder is, and where the `firefox` binary is.

But most users don't have a master password, so it would be confusing wouldn't it? Can we instead print something like `(hint, this is your Firefox master password)` if certutil...

Yes, we should add it to `/usr/local/etc/[email protected]/certs` and run `/usr/local/opt/[email protected]/bin/c_rehash` (with and without `@1.1`). Leaving for v1.4.2.