HTTPS - untrusted?

[mayonek]

Hi i host butterfly on my VPS. Everything works fine, but why my website https://example.com:57575 is always "untrusted"?

I generated all certs but it looks like butterfly doesn't use it

[ppkantorski]

you need to override the certificates manually and generate them using 825 or less days, using the following as your server.csr.cnf.

[ req ] default_bits = 4096 prompt = no default_md = sha512 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = US stateOrProvinceName = RandomState localityName = RandomCity organizationName = RandomOrganization commonName = YourCommonName [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = YourServerName

I use 4096 and sha512 myself. with your DNS in the Subject Alternative Name it seems to become a trusted certificate. For my server I only load the .cnf and the .key files, not the CA files. I am less concerned with who can access the URL and more concerned with man-in-the-middle attacks. Just capturing traffic with WireShark using HTTP is enough for people to see everything you are doing, so if using HTTP you need a VPN or to use HTTPS.