Re: [Half OOT] The Cons of Using Self-Signed Certificate
On Fri, Sep 11, 2009 at 02:24:40PM +0700, Zaki Akhmad wrote:
> On Fri, Sep 11, 2009 at 2:01 PM, Kevin Ross <Kevin@familyross.net> wrote:
>
> > You (or your clients) will need to manually install the certificate on any
> > machine that they use to connect to your server. If they don't, and just
> > choose to ignore the warnings, then what is the point of using a
> > certificate? However, if manually installing certificates on client
> > machines isn't a problem, then there's no reason to shell out money for a
> > commercial certificate (which can be as little as $30 a year).
>
> Yup, the clients should install the certificate manually.
>
> The point of using a certificate is that the server and the client use
> an encrypted protocol instead of an unencrypted protocol, so that the
> password won't be sent in plain-text format. I want to make sure the
> protocol is secure.
>
> (CMIIW).
>
The benefit of the certificate is two-fold.
1) It encrypts traffic
2) It identifies the server
Kevin was pointing out to you that benefit #2 would be lost if your
clients do not manually install the certificates and blindly accept the
certificate presented to them on first connection. This opens you up to
a man-in-the-middle attack, however unlikely that might be.
-Rob
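
Added example, not part of the original thread: a client that keeps the identification benefit with a self-signed certificate by checking the server's certificate against a SHA-256 fingerprint the administrator handed out in advance, instead of accepting whatever is presented on first connection. The function names, the fingerprint-based approach (used here in place of installing the certificate in a trust store) and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for DER certificate bytes, used only to exercise the check.
SAMPLE_DER = b"constructed-bytes-standing-in-for-a-DER-certificate"


def sha256_fingerprint(der_cert):
    """Hex SHA-256 of the DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize_pin(pin):
    """Accept 'AB:CD:...' or 'abcd...' and return 64 lowercase hex digits."""
    digits = pin.replace(":", "").replace(" ", "").lower()
    if len(digits) != 64 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("pin must be a SHA-256 fingerprint (64 hex digits)")
    return digits


def certificate_matches_pin(der_cert, pin):
    """True only if the presented certificate is exactly the pinned one."""
    return hmac.compare_digest(sha256_fingerprint(der_cert), normalize_pin(pin))


def connect_pinned(host, port, pin, timeout=10.0):
    """Open a TLS connection and refuse it unless the certificate matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode = CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no CA chain exists; the pin is the identity check
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not certificate_matches_pin(der, pin):
        tls.close()
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return tls  # only now is it safe to send the password
```

The fingerprint has to reach the client over a channel other than the connection being checked, which is the same requirement as installing the certificate by hand.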