Show HN: A tool for creating custom TLS CA bundles

OK, but you could also just run "dpkg-reconfigure ca-certificates" or use Keychain Access to mark undesirable authorities "Do Not Trust".

&quot;If you still don&#x27;t trust us, we encourage you to download the source, build it yourself and run the service on your own hardware.&quot;<p>Or you could just download debian&#x27;s ca-certificates package and cat together all the .crt files you choose into a .pem. Much quicker &amp; simpler.

Trust exactly who you want to trust... as you download certificates from a random person&#x27;s server.<p>But seriously, great idea, but wouldn&#x27;t this be better as a command-line tool installable via a package manager? At least then it could be audited.

World need wider adoption of DANE instead.