Using a self-signed certificate does not provide any authentication
guarantees to the user who is connecting to the system. The reason is
that the user has no strong way of validating that the contents of
the certificate have not been changed or generated by another user.
Consequently they have no assurance of the identity of the system
that they are connecting to... The same applies even if they are
reviewing the contents of the certificate...
It should only be advised in low-risk environments such as a
local/intranet environment. It's not advisable for external systems.
On 13 April 2012 12:47, _ <packetnull (at) gmail (dot) com [email concealed]> wrote:
> And to add, your goal of setting up a * SSL (from my understanding it looks like you want a wildcard SSL) is a bad idea as well, because it defeats the purpose of validating that a specific cert is owned by a specific server.
>
> On Apr 9, 2012, at 9:11 PM, Stephanus J Alex Taidri <securityfocus.ae (at) taidri (dot) com [email concealed]> wrote:
>
>> Hi Robert,
>>
>> The problem with a self-signed certificate is that you really need to educate
>> the users and ensure they always check the certificate issuer,
>> expiry, other parameters, etc. before accepting the sessions.
>>
>> As we know... most users don't bother and just click Accept.
>>
>> That means that if a hijacker using a MITM attack is able to intercept your
>> traffic (which is easy if it traverses the internet) and present
>> their own self-signed certificate, most users are not aware and will
>> still Accept the connection, thus being hijacked.
>>
>> Therefore it's imperative to implement a valid certificate, either from a
>> public CA or a private CA, as long as the chain can be validated back and
>> the user's browser is able to validate the authenticity of the certificate.
>>
>> Kind regards,
>> SJ Alex Taidri
>>
>> On Fri, Apr 6, 2012 at 7:21 AM, Robert Smith <robert.smith2929 (at) gmail (dot) com [email concealed]> wrote:
>>> Hello all,
>>>
>>> I would like to know what all the security risks are if I set up RDP over SSL with a self-signed certificate.
>>>
>>> One example: is it possible that the certificate becomes corrupted? What are the impacts? Does some recovery solution exist?
>>>
>>> Man in the middle, is it yet possible?
>>>
>>> My principal problem is to deploy a certificate signed by our CA on all our servers?
>>>
>>> Does a certificate with the * character resolve my problem?
>>> ------------------------------------------------------------------------
>>> Securing Apache Web Server with thawte Digital Certificate
>>> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>>> ------------------------------------------------------------------------
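The point made in the replies above, reproduced offline with the openssl CLI as an added example that is not part of the original thread: a self-signed certificate claiming the server's name is indistinguishable by subject from the genuine one, and is rejected only when the client validates the chain against a CA it already trusts. The host name, CA name and file names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added demo. Every name here (Example Corp Private CA, rdp01.corp.example)
# is a constructed placeholder; requires the openssl CLI.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST="rdp01.corp.example"

make_certs() {
  # Private CA root: the one certificate clients must be given in advance.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Corp Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  # Server certificate for the RDP host, signed by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -days 30 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.crt" 2>/dev/null
  # Interceptor's certificate: self-signed, claiming the same host name.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$HOST" \
    -keyout "$WORK/mitm.key" -out "$WORK/mitm.crt" 2>/dev/null
}

# verifies_against ANCHOR CERT: succeeds only if CERT chains to ANCHOR.
verifies_against() {
  openssl verify -CAfile "$WORK/$1" "$WORK/$2" >/dev/null 2>&1
}

subject_of() { openssl x509 -in "$WORK/$1" -noout -subject; }

report() {  # prints one line per check
  if verifies_against "$1" "$2"; then echo "$2 vs $1: accepted"
  else echo "$2 vs $1: REJECTED"; fi
}

make_certs
echo "genuine:  $(subject_of server.crt)"
echo "impostor: $(subject_of mitm.crt)"   # identical text to the genuine one
report ca.crt server.crt    # client trusts the CA: genuine server accepted
report ca.crt mitm.crt      # client trusts the CA: impostor REJECTED
report mitm.crt mitm.crt    # user clicks Accept: impostor vouches for itself
```

The last check is the click-through case: once the presented certificate is itself treated as the trust anchor, any self-signed certificate passes.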