Re: outdated ssl cert

On Sat, 2010-01-16 at 17:59 +0100, Vadkan Jozsef wrote:
> what is a self-signed outdated ssl cert worth? [https]
> 
> could it be tricked [https] in a way, that the end user will not
> recognize? [e.g. he already accepted the cert one time, and the browser
> would warn her, if it had been "attacked"?]
> 
> ..I mean does an outdated self-signed certificate give the same security
> as a normal cert?
----
Whether 'expired' or 'current', a self-signed certificate offered by a
web server only has worth if you trust the signer of the certificate and
you have reason to believe that the certificate being offered is indeed
the one signed by whoever you believe worthy of the trust. If the
certificate is expired, it is certain to generate a warning every time
you encounter it.

I use self-signed certs all of the time - I trust myself. I have to
convince other users to trust the certificates that I sign.

The browser only sees the certificate and knows whether it has been
signed by an already trusted certificate authority. Some certificate
authorities are out of the box trusted by your web browser. Many are
not.

Craig
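
An added example (not part of the original message) of the check the reply describes: compare the SHA-256 fingerprint of the certificate a server offers against one obtained from the signer through a separate channel, then remember it for later visits. The host name, the function names and the byte strings standing in for DER certificates are constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed stand-ins for DER certificate bytes (not real certificates).
ADMIN_CERT = b"constructed-der-bytes: the admin's self-signed cert"
OTHER_CERT = b"constructed-der-bytes: a different cert for the same name"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the whole DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:...' (colon-separated hex) or plain hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


def check_certificate(pins: Dict[str, str], host: str, der: bytes,
                      published: Optional[str] = None) -> str:
    """Return 'match', 'mismatch', 'pinned' or 'unverified' for an offered cert."""
    seen = fingerprint(der)
    if host in pins:                      # accepted before: must be identical
        return "match" if same(pins[host], seen) else "mismatch"
    if published is None:                 # nothing to compare against yet
        return "unverified"
    if same(normalize(published), seen):  # signer's fingerprint agrees: remember it
        pins[host] = seen
        return "pinned"
    return "mismatch"


def demo() -> List[str]:
    pins: Dict[str, str] = {}
    host = "intranet.example"             # constructed host name
    # Fingerprint as the signer would hand it out, colon-separated upper-case hex.
    published = ":".join(f"{b:02X}" for b in hashlib.sha256(ADMIN_CERT).digest())
    return [
        check_certificate(pins, host, ADMIN_CERT),             # no reference yet
        check_certificate(pins, host, OTHER_CERT, published),  # wrong cert offered
        check_certificate(pins, host, ADMIN_CERT, published),  # verified, stored
        check_certificate(pins, host, ADMIN_CERT),             # later visit
        check_certificate(pins, host, OTHER_CERT),             # cert was swapped
    ]


if __name__ == "__main__":
    print(demo())
```

In real use the DER bytes come from `ssl.SSLSocket.getpeercert(binary_form=True)`. The fingerprint covers the whole certificate, so a reissued certificate shows up as a mismatch, and the comparison does not look at the validity dates.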

