DigitallyRefined

> TBH, I'm quite ambivalent on this. Yes, it's probably safer to refuse to provide credentials when the certificate is invalid. On the other hand, you have consented to this...

Closing this, as the browsers built in certificate error page should be enough to warn users not to continue and if they do they shouldn't be using their passkeys.