Not a CentOS question admittedly, but if I have an https server and I generate a self-signed certificate, will transfers then be encrypted for their duration, or is the cert. merely a 'verification of ID' upon connection kind of thing?
- background - this server on my internal network would normally not be running, and only awakened (ether-wake from another network machine into which I have SSHd) when I wish to access it - to download a file or two from my internal network when I am away. After the transfer, the https server would then be 'shutdown' again.
Thank you.
Certificate question
-
- Posts: 1522
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: Certificate question
> Not a CentOS question admittedly, but if I have an https server and I generate a self-signed certificate, will transfers then be encrypted for their duration, or is the cert. merely a 'verification of ID' upon connection kind of thing?

Why yes it is. TLS is subject to man in the middle attacks (as actually what we do is public key for a bit and then agree a secret key and go back to "normal" crypto. - if you get that exchange, then it's like knowing the password).
Anyway, certificates are there to say that the server you are connecting to is really the server you are expecting to connect to (for example think of DNS poisoning et al). To do that we believe certain certificate authorities (who, of late, have been found wanting, but that's another story). If that 3rd party certificate authority says that yes this is that site, then we believe them - otherwise an exception is thrown....
It actually has very little to do with the actual on the wire crypto...
-
- Posts: 1522
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: Certificate question
OK - so, if I want the 'crypto part' for the transfer, I need to provide it myself.
Thank you. That's exactly what I needed to know.
Re: Certificate question
Look at the packets .... they don't lie.
-
- Posts: 1522
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: Certificate question
Heh - I trust you and am still dealing with packet types, sources, destinations.
Thank you.
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
Re: Certificate question
A self-signed certificate will provide encryption, but visitors' browsers won't be able to distinguish between your web site and a man-in-the-middle attacker.
Of course, there are companies like 'Let's Encrypt' that provide legitimate and free certificates.
Re: Certificate question
... unless you import the CA signer into the trusted store ...
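The behaviour described in the last two replies, as an added example that is not part of the original thread: a client connects to a server presenting a self-signed certificate with the default trust store, with verification disabled, and with that certificate imported as trusted. It assumes the `openssl` CLI (1.1.1 or newer) is on the PATH; the function names and the throwaway `localhost` certificate are constructed for the demo.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(workdir):
    """Create a throwaway self-signed cert for 'localhost' with the openssl CLI."""
    cert, key = os.path.join(workdir, "cert.pem"), os.path.join(workdir, "key.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1", "-subj",
         "/CN=localhost", "-addext", "subjectAltName=DNS:localhost", "-keyout", key, "-out", cert],
        check=True, capture_output=True)
    return cert, key

def serve(cert, key):
    """Start a TLS listener on an ephemeral loopback port and return that port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    listener = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = listener.accept()
            try:
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.recv(1)          # block until the client hangs up
            except (ssl.SSLError, OSError):
                pass                     # client refused the certificate or reset
    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()[1]

def connect(port, ctx):
    """Return (tls_version, cipher_name) on success, else the verification error text."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="localhost") as tls:
                return tls.version(), tls.cipher()[0]
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

def demo():
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(d)
        port = serve(cert, key)
        default = ssl.create_default_context()            # system trust store only
        unverified = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        unverified.check_hostname = False
        unverified.verify_mode = ssl.CERT_NONE            # encrypted, peer unauthenticated
        pinned = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        pinned.load_verify_locations(cert)                # the cert imported as trusted
        contexts = {"default": default, "unverified": unverified, "pinned": pinned}
        return {name: connect(port, ctx) for name, ctx in contexts.items()}

if __name__ == "__main__": print(demo())
```

The `unverified` and `pinned` results both report a negotiated TLS version and cipher, while `default` reports a verification error; only `pinned` combines encryption with a check that the peer holds the expected key.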