Changes in 7b0f6b0: Updated Certificate Authority (markdown)

_Footer.md

...	...	@@ -1 +1 @@
1		-Hosted by: [mortzu](mailto:[email protected]), [xuu](mailto:[email protected]) \| Accessible via: [Internet](https://dn42.net/), [dn42](https://internal.dn42), [tor](http://jsptropkiix3ki5u.onion), [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/)
...	...	\ No newline at end of file
	0	+Hosted by: [mortzu](mailto:[email protected]), [xuu](mailto:[email protected]) \| Accessible via: [dn42](http://internal.dn42), [tor](http://jsptropkiix3ki5u.onion), [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/)
...	...	\ No newline at end of file

services/Certificate-Authority.md

@@ -50,18 +50,18 @@ which will show among other things:

 The following sites have been set up to demonstrate the CA failing to sign arbitrary domains:

-* [badkey.sour.is](https://badkey.sour.is)

-* [badkey.xuu.me](https://badkey.xuu.me)

-* [badkey.xuu.dn42](https://badkey.xuu.dn42)

+* [badkey.sour.is](https://badkey.sour.is) - Host is in HSTS preload with key pinning. The browser should fail because the keypin does not match. 

+* [badkey.xuu.me](https://badkey.xuu.me) - Hostname is outside of domain allowed list.

+* [badkey.internal.dn42](https://badkey.internal.dn42) - Valid hostname and keypinned. But certificate contains bad subject alternate names.

 They all use the same certificate, that should be regarded invalid by whatever software you use because of

 ```

+ Subject: CN=badkey.sour.is

+[...]

 X509v3 Subject Alternative Name: 

- DNS:badkey.internal.dn42, DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:google.com, DNS:*.com, DNS:*.*

-

+ DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:badkey.xuu.dn42, DNS:*

 ```

-even though the subject says `CN=badkey.internal.dn42`, which would be allowed.

 ## Importing the certificate

...	...	@@ -50,18 +50,18 @@ which will show among other things:
50	50
51	51	The following sites have been set up to demonstrate the CA failing to sign arbitrary domains:
52	52
53		-* [badkey.sour.is](https://badkey.sour.is)
54		-* [badkey.xuu.me](https://badkey.xuu.me)
55		-* [badkey.xuu.dn42](https://badkey.xuu.dn42)
	53	+* [badkey.sour.is](https://badkey.sour.is) - Host is in HSTS preload with key pinning. The browser should fail because the keypin does not match.
	54	+* [badkey.xuu.me](https://badkey.xuu.me) - Hostname is outside of domain allowed list.
	55	+* [badkey.internal.dn42](https://badkey.internal.dn42) - Valid hostname and keypinned. But certificate contains bad subject alternate names.
56	56
57	57	They all use the same certificate, that should be regarded invalid by whatever software you use because of
58	58	```
	59	+ Subject: CN=badkey.sour.is
	60	+[...]
59	61	X509v3 Subject Alternative Name:
60		- DNS:badkey.internal.dn42, DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:google.com, DNS:.com, DNS:.*
61		-
	62	+ DNS:badkey.sour.is, DNS:badkey.xuu.me, DNS:badkey.xuu.dn42, DNS:*
62	63
63	64	```
64		-even though the subject says `CN=badkey.internal.dn42`, which would be allowed.
65	65
66	66	## Importing the certificate
67	67