I made a simple streaming server with self signed certificate. Is it secured enough if I manually check my certificate? My server also has password.
Asked
Active
Viewed 87 times
1 Answers
2
Is it secured enough if I manually check my certificate?
What you're describing is essentially Certificate Pinning. That being the case, the answer is generally "Yes, it is secure, but it's not a recommended or popular method, due to scalability and maintenance issues."
If this is something your setting up for yourself, it's fine; if you're expecting some number of people to use it, you should think about getting a regular cert. Let's Encrypt is cheap and easy.
gowenfawr
- 71,975
- 17
- 161
- 198
-
Thank you gowenfawr. We are planning to access the stream from 2-3 phones only. Do you think its safe even accessing from public wifi? – NightWalker Dec 21 '18 at 17:25
-
1Yes. The encryption properties between the client and server aren't impacted by whether the certificate is self-signed or not; merely whether the client trusts it's got the right server or not. Whether the client trusts the server based on pinning vs. based on the CA that signed it doesn't impact the network encryption. – gowenfawr Dec 21 '18 at 17:46