And to add: your goal of setting up a * SSL (from my understanding, it looks like you want a wildcard SSL) is a bad idea as well, because it defeats the purpose of validating that a specific cert is owned by a specific server.

On Apr 9, 2012, at 9:11 PM, Stephanus J Alex Taidri <securityfocus.ae (at) taidri (dot) com [email concealed]> wrote:
> Hi Robert,
>
> The problem with a self-signed certificate is that you really need to
> educate the users and ensure they always check the certificate issuer,
> expiry, other parameters, etc. before accepting the sessions.
>
> As we know... most users don't bother and just click Accept.
>
> That means that if a hijacker using a MITM attack is able to intercept
> your traffic (which is easy if it traverses the internet) and present
> their own self-signed certificate, most users are not aware and will
> still Accept the connection, thus being hijacked.
>
> Therefore it's imperative to implement a valid certificate, either from
> a public CA or a private CA, as long as the chain can be validated back
> and the user's browser is able to validate the authenticity of the
> certificate.
>
> Kind regards,
> SJ Alex Taidri
>
> On Fri, Apr 6, 2012 at 7:21 AM, Robert Smith <robert.smith2929 (at) gmail (dot) com [email concealed]> wrote:
>> Hello all,
>>
>> I would like to know what all the security risks are if I set up RDP over SSL with a self-signed certificate.
>>
>> One example: is it possible for the certificate to become corrupted? What are the impacts? Does some recovery solution exist?
>>
>> Man in the middle: is it still possible?
>>
>> My principal problem is to deploy a certificate signed by our CA on all our servers.
>>
>> Would a certificate with the * character resolve my problem?
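
Added example (not part of the original thread): a sketch of the wildcard point made at the top of this reply, listing which servers in an inventory a client would accept each certificate for, using RFC 6125-style name matching. The host names and certificate names are constructed.

```python
# Added example: hostnames and certificate names below are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is allowed only as the whole left-most
    label and covers exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so '*.com' style names never match.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial or non-left-most wildcards are rejected outright.
    return "*" not in pattern and p_labels == h_labels


def hosts_accepting(cert_names, inventory):
    """Hosts for which a client would accept this certificate and its key."""
    return sorted(
        h for h in inventory if any(name_matches(n, h) for n in cert_names)
    )


def exposure_report(certs, inventory):
    """Map each certificate label to the hosts that share its private key."""
    return {
        label: hosts_accepting(names, inventory)
        for label, names in certs.items()
    }


INVENTORY = [  # constructed RDP server names
    "rdp01.corp.example.com",
    "rdp02.corp.example.com",
    "hr-ts.corp.example.com",
    "jump.dmz.example.com",
]
CERTS = {  # constructed subjectAltName entries
    "wildcard": ["*.corp.example.com"],
    "rdp01-only": ["rdp01.corp.example.com"],
}

if __name__ == "__main__":
    for label, hosts in exposure_report(CERTS, INVENTORY).items():
        print(f"{label}: accepted for {len(hosts)} host(s): {', '.join(hosts)}")
```

With the wildcard certificate, a single private key is accepted for every server under corp.example.com, so the certificate no longer identifies one specific server.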