On Tuesday, 21 July 2020 10:32:13 PDT Alexander Carôt wrote:
> Hej Thiago,
> 
> > Whether they work or not is irrelevant, since you shouldn't be shipping
> > the same certificate to all users. You'd have to make it extremely
> > long-lived (expiry 20 years from now). Generating a short-lived one
> > (3 months) limits the damage if it somehow gets misused.
> 
> just to avoid misunderstandings: The goal is not sending existing
> certificates as part of the application download but rather generate the
> certificate automatically upon launching the app ?

Yes. And do it again every couple of months, if the certificate has expired or 
will expire within the lifetime of your process.

> Is this somehow the right track or am I completely mistaken ? Sorry again -
> completely new in the domain of security ;-)

That would be fine. The problem is guaranteeing the existence of the openssl 
command. It would be up to you to do that.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel DPG Cloud Engineering



_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
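
An added example, not code from the thread or from Qt: a launch-time check that regenerates a 3-month self-signed certificate when it is missing, expired, or due to expire within the process lifetime, and reports a missing `openssl` command separately. The function name `ensure_cert`, the file names, the 7-day window and the `CN=localhost` subject are assumptions.

```shell
#!/bin/sh
# Added example; names, paths and lifetimes are assumptions, not from the thread.
CERT_DAYS=90                  # short-lived certificate: about 3 months
RENEW_WINDOW=$((7 * 86400))   # assumed maximum process lifetime, in seconds

# ensure_cert DIR
# Leaves DIR/key.pem and DIR/cert.pem valid for at least RENEW_WINDOW seconds.
# Returns 0 on success, 127 if openssl is not installed, 1 if generation failed.
ensure_cert() {
    dir=$1
    key="$dir/key.pem"
    cert="$dir/cert.pem"

    # The openssl command is not guaranteed to exist on the user's machine.
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found in PATH" >&2
        return 127
    fi

    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if [ -s "$key" ] && [ -s "$cert" ] &&
       openssl x509 -in "$cert" -noout -checkend "$RENEW_WINDOW" >/dev/null 2>&1
    then
        return 0
    fi

    mkdir -p "$dir" || return 1
    old_umask=$(umask)
    umask 077                 # private key readable by its owner only
    # Write to temporary names first so a failed run never leaves half a pair.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -days "$CERT_DAYS" -subj "/CN=localhost" \
        -keyout "$key.tmp" -out "$cert.tmp" >/dev/null 2>&1
    rc=$?
    umask "$old_umask"
    if [ "$rc" -ne 0 ]; then
        rm -f "$key.tmp" "$cert.tmp"
        return 1
    fi
    mv "$key.tmp" "$key" && mv "$cert.tmp" "$cert"
}

# Usage at application start (hypothetical path):
#   ensure_cert "$HOME/.config/myapp/tls" || exit
```

Because the key pair is generated on each user's machine, no two installations share a private key, which is the point made in the reply above.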
