u/oppenheimer16

What is the point of slots: challenge-response, OATH-HOTP and Yubico OTP? These three slots are no longer used anywhere, they are already outdated. There may be another Yubico OTP somewhere, but there are very few sites with it. The only thing that can still be used is a static password, which I consider unsafe.

What would you choose - self-signed certificates or your own certification authority? I would choose a certification authority because if you import the certificate of the authority itself, then all certificates that were signed by the authority will be imported will be automatically marked as trusted.