"application/vnd.micrografx.igx",
				"application/vnd.mif",
				"application/vnd.mindjet.mindmanager",
				"application/vnd.minisoft-hp3000-save",
				"application/vnd.mitsubishi.misty-guard.trustweb",
				"application/vnd.mobius.daf",
				"application/vnd.mobius.dis",
				"application/vnd.mobius.mbk",
				"application/vnd.mobius.mqy",
				"application/vnd.mobius.msl",
				"application/vnd.mobius.plc",

-----------------------

The above example uses a self-signed certificate. This is convenient for testing but not
representative of real-world HTTPS deployment. To get closer to that we can use `HeldCertificate`
to generate a trusted root certificate, an intermediate certificate, and a server certificate.
We use `certificateAuthority(int)` to create certificates that can sign other certificates. The

    <glob pattern="*.mmmp"/>
    <glob pattern="*.mmas"/>
  </mime-type>

  <mime-type type="application/vnd.minisoft-hp3000-save"/>
  <mime-type type="application/vnd.mitsubishi.misty-guard.trustweb"/>
  <mime-type type="application/vnd.mobius.daf">
    <glob pattern="*.daf"/>
  </mime-type>
  <mime-type type="application/vnd.mobius.dis">
    <glob pattern="*.dis"/>
  </mime-type>

		if err != nil {
			logger.Fatal(fmt.Errorf("invalid arguments passed, trusted user certificate authority public key file is not accessible: %v", err), "unable to start SFTP server")
		}

		globalSFTPTrustedCAPubkey, _, _, _, err = ssh.ParseAuthorizedKey(keyBytes)
		if err != nil {

* Caddy (that can also handle certificate renewals)
* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

Before Let's Encrypt, these **HTTPS certificates** were sold by trusted third parties.

The process to acquire one of these certificates used to be cumbersome, require quite some paperwork and the certificates were quite expensive.

    /** The SAM database does not have a computer account for this workstation trust relationship */
    int NT_STATUS_NO_TRUST_SAM_ACCOUNT = 0xC000018b;
    /** The trust relationship between the primary domain and the trusted domain failed */
    int NT_STATUS_TRUSTED_DOMAIN_FAILURE = 0xC000018c;
    /** The trust relationship between this workstation and the primary domain failed */
    int NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE = 0xC000018d;

    /** The SAM database does not have a computer account for this workstation trust relationship */
    int NT_STATUS_NO_TRUST_SAM_ACCOUNT = 0xC000018b;
    /** The trust relationship between the primary domain and the trusted domain failed */
    int NT_STATUS_TRUSTED_DOMAIN_FAILURE = 0xC000018c;
    /** The account used is a computer account */
    int NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0xC0000199;

```bash
gpg --verify plugin-publish-plugin-2.0.0.jar.asc plugin-publish-plugin-2.0.0.jar
```

If you see a warning message like `gpg: WARNING: This key is not certified with a trusted signature!`, you can locally sign the Gradle key after importing it.
This tells your GPG installation that you trust this key and will prevent the warning from appearing again.

To do this, run the following command:

```bash

You can start FastAPI CLI with the *CLI Option* `--forwarded-allow-ips` and pass the IP addresses that should be trusted to read those forwarded headers.

If you set it to `--forwarded-allow-ips="*"` it would trust all the incoming IPs.

If your **server** is behind a trusted **proxy** and only the proxy talks to it, this would make it accept whatever is the IP of that **proxy**.

<div class="termy">

```console

   *
   * This class exploits knowledge of Android implementation details. This class is potentially
   * much faster to initialize than [BasicTrustRootIndex] because it doesn't need to load and
   * index trusted CA certificates.
   */
  internal data class CustomTrustRootIndex(
    private val trustManager: X509TrustManager,
    private val findByIssuerAndSignatureMethod: Method,
  ) : TrustRootIndex {