[Cialug] TLS Cert validity?
Zachary Kotlarek
zach at kotlarek.com
Thu Feb 3 17:03:27 CST 2011
On Feb 3, 2011, at 4:49 PM, Matthew Nuzum wrote:
> Remember that properly configured SSL serves two purposes:
>
> 1. Provide an encrypted connection
> 2. Verify the identity of who you are connecting to
>
> Self signed SSL only does the first.
If you validate that the certificate is the one you're expecting (i.e. check the fingerprint), it can do both.
Also, if this isn't a public-facing service, setting up your own CA is cheaper and arguably more secure than letting someone else sign your stuff.
Setting up a private CA is not as complicated as it might seem -- if you can generate a self-signed certificate you're already halfway there:
http://pages.cs.wisc.edu/~zmiller/ca-howto/
Zach
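
The fingerprint check mentioned in the message above, sketched in Python as an added example (not part of the original post or written by its author): a client pins a self-signed certificate and treats the fingerprint comparison as the only identity check. The function names, the choice of SHA-256, and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER certificate: the digest is taken over the raw
# bytes, so any byte string exercises the comparison offline.
SAMPLE_DER = b"constructed stand-in for a DER-encoded certificate"
SAMPLE_PIN = ":".join(f"{b:02X}" for b in hashlib.sha256(SAMPLE_DER).digest())


def normalize_fingerprint(text: str) -> bytes:
    """Accept 'AA:BB:..', 'aabb..' or space-separated hex; return digest bytes."""
    cleaned = text.replace(":", "").replace(" ", "").strip().lower()
    digest = bytes.fromhex(cleaned)  # raises ValueError on non-hex input
    if len(digest) != hashlib.sha256().digest_size:
        raise ValueError("expected a SHA-256 fingerprint (32 bytes)")
    return digest


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """True only if SHA-256 over the DER certificate equals the pinned value."""
    actual = hashlib.sha256(der_cert).digest()
    return hmac.compare_digest(actual, normalize_fingerprint(expected))


def connect_pinned(host: str, port: int, expected: str,
                   timeout: float = 5.0) -> ssl.SSLSocket:
    """Connect to a self-signed server, trusting only the pinned certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # CA-chain and hostname checks are off because the certificate is
    # self-signed; the fingerprint comparison below is the only identity check.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not fingerprint_matches(der, expected):
        tls.close()  # refuse before any application data is sent
        raise ssl.SSLError("certificate fingerprint does not match the pinned value")
    return tls
```

The pinned value has to reach the client over a channel other than the connection being checked, for example read from the certificate file on the server itself.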