Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
13th February 2012, 21:19 | #2 | Link | |
Software Developer
Join Date: Jun 2005
Location: Last House on Slunk Street
Posts: 13,248
|
Quote:
If you don't want to pay a CA for a "real" certificate or if you just want to have something for testing your server, creating a self-signed certificate is reasonable. For obvious reasons the web-browser cannot check the validity of a self-signed certificate, because it was not signed by one of the trusted CAs whose root-certificate is known. Anyway, you can still check the fingerprint of the self-signed certificate yourself and then it can be just as "secure" as a certificate that was signed by some trusted CA... (Of course somebody would have to tell you the correct fingerprint of the certificate - either "offline" or through some tamper-proof channel - so you can verify it)
__________________
Go to https://standforukraine.com/ to find legitimate Ukrainian Charities 🇺🇦✊ Last edited by LoRd_MuldeR; 14th February 2012 at 00:53. |
|
14th February 2012, 03:07 | #4 | Link |
Moderator
Join Date: Oct 2001
Posts: 3,530
|
The big difference with self-signed and certified is about doing business with a site - can they be trusted to process a credit card order, are they legitimate, etc. For that you would want a site that has been certified. However any https connection is encrypted, therefore protected from sniffers (electronic eavesdropping).
|
14th February 2012, 04:44 | #5 | Link | |
Registered User
Join Date: Feb 2005
Posts: 585
|
Quote:
__________________
Chumbo |
|
14th February 2012, 12:51 | #6 | Link | |
Software Developer
Join Date: Jun 2005
Location: Last House on Slunk Street
Posts: 13,248
|
Quote:
That's why certificates need to be verified and why an encrypted connection without an approved certificate is pointless. Still, a self-signed certificate can be just as "genuine" and "secure" as one that was signed by a trusted CA. The only difference is that the self-signed one has to be verified by hand (by checking its fingerprint). It simply cannot be verified automatically by the PKI. After all, all the "root" certificates your browser contains are self-signed too... BTW: After the recent incidents, I would trust a self-signed certificate (which you have verified yourself!) much more than one that was signed by a CA
Last edited by LoRd_MuldeR; 14th February 2012 at 16:25. |
|
14th February 2012, 19:31 | #7 | Link |
Guest
Posts: n/a
|
One of the big issues that Chrome has, though I'd assume other browsers might as well, is that the self-signed cert doesn't match the URL of this site. Even after installing it in the trusted root store, it will still complain due to that reason. Luckily it can be bypassed but whenever Chrome is closed and then opened again it will display the huge warning page whenever you want to come back here via https.
|
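Added example, not part of any post in this thread: the manual fingerprint check discussed in posts #2 and #6, done programmatically in Python against a fingerprint obtained out-of-band. The function names are hypothetical, and the CA chain and hostname checks are deliberately disabled because trust rests only on the pinned fingerprint, which also sidesteps the name mismatch mentioned in post #7.

```python
import hashlib
import hmac
import socket
import ssl


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    hexstr = fp.replace(":", "").replace(" ", "").lower()
    if len(hexstr) != 64 or any(c not in "0123456789abcdef" for c in hexstr):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexstr


def fingerprint(der: bytes) -> str:
    """SHA-256 over the certificate's DER encoding."""
    return hashlib.sha256(der).hexdigest()


def matches_pin(der: bytes, pinned: str) -> bool:
    """Constant-time comparison against the out-of-band fingerprint."""
    return hmac.compare_digest(fingerprint(der), normalize(pinned))


def pem_fingerprint(pem: str) -> str:
    """Fingerprint of a PEM certificate, e.g. one exported from a browser."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem))


def connect_pinned(host: str, port: int, pinned: str) -> ssl.SSLSocket:
    """Open a TLS connection that trusts exactly one certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain and hostname validation cannot succeed for a self-signed
    # certificate, so they are switched off and replaced by the pin check.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10),
                           server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if der is None or not matches_pin(der, pinned):
        sock.close()
        raise ssl.SSLError("certificate fingerprint does not match the pin")
    return sock


if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate (not a real one).
    sample = b"constructed stand-in for DER certificate bytes"
    print(matches_pin(sample, fingerprint(sample).upper()))
```

The pin must come from the server operator through a separate channel; a fingerprint read from the same connection being checked proves nothing.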