Certificate trust

How Kochab handles self-signed TLS certificates without sending keys to an unknown host.

Self-signed certificates are common in homelabs. Kochab uses explicit fingerprint trust so a known certificate can work without disabling TLS safety for every host.

If a certificate changes later, Kochab treats that as a security event and asks you to verify the new fingerprint before sending credentials.