 From:  Mark Wass <mark dot wass at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Wegui SSL Pros and Cons
 Date:  Sat, 26 Nov 2005 06:16:24 +1000
So unless you have a real purchased SSL cert (Thawte) or you have a 
server acting as an enterprise CA on your network, there really is no 
advantage to using a custom SSL cert over the built-in HTTPS function?

Chris Buechler wrote:

>On 11/25/05, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
>
>>Thanks for the reply.
>>
>>I thought when you use HTTPS that it made use of encryption, why would I
>>use a SSL cert if I'm using HTTPS?
>
>There is always an SSL cert when using HTTPS (it's what makes the
>encryption possible).  Defining a custom cert, for one example, can
>allow you to put in a certificate signed by an enterprise CA that your
>machines trust already.  This would be to avoid the annoying "is this
>certificate ok" prompts from web browsers, and it makes it much easier
>to detect MITM attacks against SSL from the likes of sslmitm, et al.
>Ideally you would use trusted certs for all HTTPS across your network,
>and if that certificate warning message ever pops up, your users
>should be trained to be suspicious.
>
>You can also use it to use a "real" cert bought from a trusted CA
>(like Verisign and others), which will achieve the same results as
>above, without having to install and manage your own CA.
>
>-Chris
>
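
An added example, not part of either poster's message: the check a client performs, reproduced with the openssl CLI, showing that a webGUI cert signed by a CA the machines already trust validates while a self-signed cert carrying the same name does not. The CA name, the host name fw.example.internal and all file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name and file below is made up for illustration.
set -eu

make_demo_pki() {  # $1 = working directory for keys and certs
  d="$1"
  # Private "enterprise" CA that client machines are assumed to trust already
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Enterprise CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # webGUI key and signing request, then the cert issued by that CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=fw.example.internal" \
    -keyout "$d/gui.key" -out "$d/gui.csr" 2>/dev/null
  openssl x509 -req -in "$d/gui.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/gui.pem" 2>/dev/null
  # Self-signed cert with the same subject: stands in for a default
  # built-in cert, or for one substituted by something in the path
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=fw.example.internal" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

chains_to_ca() {  # $1 = trusted CA file, $2 = cert to check; 0 if it validates
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
for c in gui other; do
  if chains_to_ca "$demo_dir/ca.pem" "$demo_dir/$c.pem"; then
    echo "$c.pem: chains to the trusted CA, no browser prompt"
  else
    echo "$c.pem: does NOT chain to the trusted CA, browser would warn"
  fi
done
```

With the CA-signed cert installed, the warning appears only when something other than the real webGUI cert is presented, which is what makes it a usable signal.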