  1. #1
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    ssl and self certs


    I have set up SSL and just want to check something. I have generated my own certificate. Does this make my SSL less secure than someone who bought a cert?

    It's only for my use really - I'm just curious.
    No trees were harmed during the creation of this message. It's made from a blend of elephant tusk and dolphin meat.

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    No, it doesn't make it any less or more secure.

    All it means is that when a client browser uses SSL on your site, they will be informed that the certificate is not valid, but the communications will still be encrypted.

  3. #3
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    thanx

    Thanks for that. So could someone pretend to be me? Why should I buy a cert? What is the benefit?
    No trees were harmed during the creation of this message. It's made from a blend of elephant tusk and dolphin meat.

  4. #4
    Just Joined!
    Join Date
    Mar 2004
    Posts
    30
    You are paying for the trusted root CA signature... no warnings pop up when somebody enters your site. Since you have signed your own cert I would get a warning of this when I enter your site.

    Richard

  5. #5
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    monopoly?

    So what is the purpose of the trusted root Certificate Authority? Are they simply a group of companies who have negotiated with someone (?) to have their certificate automatically installed into various software apps?

    While I understand the principles behind certificates and can see the benefits of their use in an enterprise setup, I can't quite get my head around this pay for a certificate bit.
    No trees were harmed during the creation of this message. It's made from a blend of elephant tusk and dolphin meat.

  6. #6
    Just Joined!
    Join Date
    Mar 2004
    Posts
    30
    When I use online banking.. the certificate returned from my bank's webserver validates the site for me. This way I know I'm at the real bank and not visiting a hacked site. Just an example of why....

    Your browser contains a list of trusted CAs and if you wish you can add yours to it.

    I think most companies use self-signed certs for internal traffic... and zone to zone traffic. But for internet facing traffic Root CA signed certificates are a must.... at least I think so.

    Richard

  7. #7
    Linux Engineer Giro's Avatar
    Join Date
    Jul 2003
    Location
    England
    Posts
    1,219
    Quote Originally Posted by rzilavec
    But for internet facing traffic Root CA signed certificates are a must.... at least I think so.

    Richard
    Not really, if it's just a secure channel for you and your friends then no, don't pay the cash. But if the site takes credit details then yes, it's a good idea.

  8. #8
    Just Joined!
    Join Date
    Mar 2004
    Posts
    30
    Quote Originally Posted by Giro
    Quote Originally Posted by rzilavec
    But for internet facing traffic Root CA signed certificates are a must.... at least I think so.

    Richard
    Not really, if it's just a secure channel for you and your friends then no, don't pay the cash. But if the site takes credit details then yes, it's a good idea.
    You cropped out the important part...

    'most companies use self-signed certs for internal traffic... and zone to zone traffic. But for internet '

    This comment was for ebusiness traffic....

    I agree, for personal stuff .... self-signed all the way.

    Richard

  9. #9
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    clarify

    Obviously this isn't very important but I'm just trying to get some stuff straight in my head.

    So a root CA issues a cert to someone else. They have paid for this service and the browser manufacturer has included a list of all root CAs that it likes/knows/agrees with.

    When I browse the site my browser looks at the cert and then verifies it with the issuer. Is this correct? So the only difference with this to any other setup is the fact that someone else has issued the cert and this company is listed in my browser's trusted CAs.

    It just seems a little flawed. The SSL and cert part seems good but this trusted CA stuff seems to be the illusion of security - like 4 digit passwords or seatbelts on airplanes!

    Anyway, cheers for all the info. Maybe I should go read some of those RFCs and the like and see what I can dig up.
    No trees were harmed during the creation of this message. It's made from a blend of elephant tusk and dolphin meat.
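
Added example, not part of the original thread: the two points discussed above (a self-signed certificate is rejected by the default CA list, and a client can add that certificate to its own trusted list) shown with the `openssl` command line. The subject name `demo.internal.example` and the file names are constructed, and the script assumes a current OpenSSL, where `openssl verify` exits non-zero on failure.

```shell
#!/bin/sh
# Added example. Subject name and file names are constructed.

# make_cert PREFIX: write a self-signed cert PREFIX.pem and its key PREFIX.key.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=demo.internal.example" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# trusted_by_default CERT: check CERT against the system CA list only.
trusted_by_default() {
  openssl verify "$1" >/dev/null 2>&1
}

# trusted_with_anchor ANCHOR CERT: check CERT with ANCHOR added as trusted.
trusted_with_anchor() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# fingerprint CERT: SHA-256 fingerprint, to compare over a separate channel
# (phone, in person) before adding the certificate to a trusted list.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# verdict CMD...: turn a command's exit status into a word for the report.
verdict() { if "$@"; then echo accepted; else echo rejected; fi; }

work=$(mktemp -d)
make_cert "$work/mine"       # the site owner's certificate
make_cert "$work/lookalike"  # different key, identical subject name
for c in mine lookalike; do
  echo "$c: system CA list: $(verdict trusted_by_default "$work/$c.pem")," \
       "mine.pem trusted: $(verdict trusted_with_anchor "$work/mine.pem" "$work/$c.pem")"
done
fingerprint "$work/mine.pem"
rm -rf "$work"
```

Both certificates carry the same name and both fail the default check, so the name alone does not identify the owner; only the client that has `mine.pem` in its trusted list can tell the two apart.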
