Self signed certificates.
Questions tagged [self-signed]
58 questions
20
votes
7 answers
Is encryption still applied if you ignore the SSL certificate warning for self-signed certs?
Would encryption still be applied on communication with devices using self-signed certificates if you ignore the warning and proceed without installing the certificate? Would you need to install it to ensure encryption or will it by default encrypt…
Damien.Rick
- 317
- 2
- 3
18
votes
3 answers
What is the problem of using a self signed-certificate for a game?
I am trying to understand the security problems when working with a game that needs an account for its players.
What is the problem of using a self-signed certificate?
If I understand the problem correctly, it's just that if the server private key…
NaolShow
- 191
- 1
- 6
14
votes
2 answers
Technical description of a self-signed certificate
I'm having a friendly debate with a co-worker as to the meaning of "self-signed" when it comes to PKI. We have an internal root and subordinate CA in our organization. We import the cert chain on internal clients to allow for the trust of…
Keith Madaras
- 140
- 6
12
votes
4 answers
Which part of a self-signed certificate can be trusted?
I want to ensure the sender of Document B is the same person as who previously sent me Document A. Both documents are signed with self-signed certificates. I'm not interested in knowing the real-world identity of the sender.
When I open the…
certnoob
- 123
- 5
8
votes
1 answer
Is a self-signed certificate from my ISP-provided router a security threat?
I recently found out that in order to log on to the web-based administration tool on my ISP-provided router, I need to accept a self-signed certificate it offers. I did a bit of reading and it sounds like self-signed certificates issued by an ISP…
user109923
- 83
- 3
8
votes
1 answer
OpenSSL "unable to get local issuer certificate" even when passing in the Certificate Authority
I've attempted to setup a certificate authority, and issue a certificate from that authority (with no intermediate inbetween The authority covers *.node.consul, and the certificate is underneath that at: i-0c2e25880dab06f71.node.consul). However…
Cynthia Coan
- 83
- 1
- 1
- 5
4
votes
2 answers
Why should I go to SHA512withRSA signature for my Android apps?
I have an Android 11 device and many of my apps and system apps use MD5withRSA or SHA1withRSA as signature algorithm by default.
Why should I take my apps SHA256withRSA or SHA512withRSA? Are there any advantages, if so what are they? Are there also…
julia.fds387
- 41
- 1
4
votes
1 answer
Trusted CA SSL certificates and embedded devices
There is an embedded device which should connect to the server over HTTPS and MQTTS. A server certificate is issued by a trusted CA (for example, Let's Encrypt). But there is a problem with server certificate verification on the client side because…
Mac
- 141
- 2
4
votes
2 answers
How to Trust a Self-Signed Certificate
According to Why are self signed certificates not trusted and is there a way to make them trusted?, to trust a self-signed certificate we need to import the root certificate into the trust store of the browser. Does that mean I must distribute to my…
ShieldOfSalvation
- 173
- 1
- 9
4
votes
0 answers
Use self-signed certificate inside of Docker Container for localhost
I've created a self-signed certificate for localhost to use https.
I'm running an Apache Docker container which uses the self-signed certificate and the private key. I then installed the certificate on my windows machine. So far everything works, I…
kloppo
- 43
- 3
3
votes
1 answer
TLS and self-signed certs. Is hostname verification necessary if client-supplied CA is the same as server leaf cert?
TLS client implementations will tend to try and do hostname verification by default for remote TLS endpoints (servers). The client connects to the server, and as part of the negotiation the certificate chain is checked (valid, signed by a trusted CA…
growse
- 531
- 3
- 5
3
votes
1 answer
Self-signed certificates in embedded IoT device
I have multiple IoT devices that will be connected to a cloud based platform in order to control these devices (IoT node running baremetal arm SoC).
These IoT nodes would be deployed and, during configuration, they would create a secure…
LazyTurtle
- 93
- 5
3
votes
1 answer
Is self signed certificate secure for personal use if verified before access?
I made a simple streaming server with self signed certificate. Is it secured enough if I manually check my certificate? My server also has password.
NightWalker
- 31
- 1
3
votes
1 answer
Self-signed certs on LAN shared with others
My WiFi is shared with my family, and my siblings have friends come over sharing the WiFi password carelessly. Anyone of those guests could have a rogue device and not even know it.
My brother has his own PC and I'm concerned about my brother's…
m0p3r
- 41
- 6
2
votes
1 answer
Reverse Shell for managing unreachable remote computers
In the near future, I will have about 50 remote computers to manage. These will be physical PCs running Debian 11, distributed all over the country. They will automatically perform a special kind of measurement repeatedly, and upload the results…
kol
- 123
- 4