SAI_Peregrinus 16 hours ago
SSH certs aren't TLS certs. Totally different format. All SSH CAs are private, you run your own CA to issue certs to devices you want to allow to connect to your server.
ajross 6 hours ago
It's... not about the file format. The point is that a "private" cert is not a "cert" as commonly understood. The important part to a certification authority is the AUTHORITY part, not the data format. Either there is a trusted third party that will promise you are who you say you are, or there is not. With SSH, there is not, nor can there be as it is commonly deployed. So applications that want that have used other protocols and other schemes, very productively.
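The private-CA model the first comment describes, as an added example that is not part of the thread: an operator-run SSH CA signs a user key with OpenSSH's `ssh-keygen`, and the decoded result shows an OpenSSH-format certificate whose only trust anchor is the CA key the operator generated. The principal `alice`, the key ID `alice@laptop`, the file names and the `sshd_config` path are constructed for illustration.

```shell
#!/bin/sh
# Added example: a private SSH CA issuing a short-lived user certificate.
# Every name here (alice, alice@laptop, file names) is constructed.

issue_demo_cert() {
    dir=$(mktemp -d) || return 1
    # 1. The "CA" is an ordinary SSH key pair that the operator generates and guards.
    ssh-keygen -q -t ed25519 -N '' -C 'demo-user-ca' -f "$dir/ca" || return 1
    # 2. The key of the device/user that should be allowed to connect.
    ssh-keygen -q -t ed25519 -N '' -C 'alice@laptop' -f "$dir/id_alice" || return 1
    # 3. Sign the public key: -I key ID (appears in sshd logs), -n allowed
    #    principal, -V validity window, -z serial. Writes id_alice-cert.pub.
    ssh-keygen -q -s "$dir/ca" -I 'alice@laptop' -n alice -V +1h -z 1 \
        "$dir/id_alice.pub" || return 1
    echo "$dir"
}

# Decode the certificate: type, signing CA fingerprint, principals, validity.
describe_cert() {
    ssh-keygen -L -f "$1/id_alice-cert.pub"
}

# Server side, trust is placed in the CA public key rather than in each
# individual key, e.g. in sshd_config (path is an assumption):
#   TrustedUserCAKeys /etc/ssh/demo_user_ca.pub

demo_dir=$(issue_demo_cert) && describe_cert "$demo_dir"
```

The `Signing CA` line in the output is the fingerprint of the locally generated `ca` key; nothing in the certificate chains to a third party.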