@stefano

My oh my  I do have my fair share of those folks too in $DAYJOB. The last time they spend three weeks (!) on debugging an issue where a webhook would not return anything.

Took me five minutes to asses and fix it for them. They were missing the CA intermediary.

In your case - I hope that they aren't vibe coding something that handles sensitive data 

@h3artbl33d @stefano ok, let’s be fair here. PKI is really hard for someone who doesn’t do it regularly, and most devs don’t do it regularly. Especially with custom CAs.

I had almost the exact thing happen: a developer was struggling to re-integrate with a service endpoint after a version update. He had spent weeks, and they were at risk of missing the contracted delivery date. The dev found one of my tech talks on PKI and reached out for help.
The error: SEC_UNKNOWN_ISSUER. It took a few minutes for me to realize he was pointing at the wrong trust store, and I sorted him quickly.
This was in 2019, long before AI agents were writing code reliably.

I’m not saying skills atrophy isn’t happening, but this specific example is more about misaligned skills, which has been an unsolved problem forever.

@mathaetaes @stefano

I totally get that PKI might be hard for thise unfamiliar with it. The thing I can't wrap my mind around is how two devs spend three weeks at the problem before calling in lifeline.

I personally would expect a medior dev to know when they are out of their debt and rung the bell earlier. But perhaps my attitude isn't the right one either - that is entirely possible.