Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
ReturnVoid75410y@gnaaah certificates are supposed to verify identities. This only works if there's a chain of authentications leading to a root Certification Authority such as Verisign et al. -
gnaaah98310y@ReturnVoid Self-Signed certificates also have this feature, except the CA is a small self created one.
Still don't see a security risk... -
slinavipuz117710yI know that letsencrypt is a new thing in town but 15 minutes of research is all that takes to fix that thing -
blegh6910yself signs are good enough for private comms between your server and your app, it's your domain, no need for any public ca.
but, definitely bad for public websites. -
linuxxx14225810y@gnaaah As far as I know, mitm attacks can be carried out on self signed certs without the users noticing. Could be wrong though
Related Rants
-
hexacore3Picked up a legacy site to re-build, turns out just adding: '?admin=1' to the query string gave you full ad... -
blauesocke6One of our customer thought it would be too unsecure to send us his AWS credentials by email. So he printed it... -
Tale-Of-X97
Don't know if this has been post yet before but ohhh well

Self-signed certificates... I know you fuckers got them, I see them everywhere. Not cool, bruh
undefined
wk25