Hi, I have a question about self signed certs.
If there is no CA for it or the CA does not answer is the traffic encrypted ?

Thanks.

Short answer is yes, the connection is still encrypted with self signed certificates.

Allow me to clarify a few things about SSL CAs. A certificate authority is not a listening service like a web server. It is simply a certificate that signs other certificates. So when you have a certificate authority certificate installed in your browser it can be used to verify all of the certs it has signed.

If you don't have a certificate authority certificate installed in your browser (or you delete a CA cert from your browser) then it will show up with a certificate warning just like a self signed cert.

If you'd like to play a bit with a certificate authority I have a set of scripts for an internal CA that I run at home.

https://github.com/samrocketman/my_internal_ca

Does that help to explain a little bit? I understand that most classes that discuss SSL explain certificate authorities like they're network services taking connections but that's fundamentally wrong. I say that because when I first learned about CA's I had the same misunderstanding.

1 members found this post helpful.

Thank you for the answer, it helped.

Furthermore, many companies set up their own internal CA's, run by their central security services and sometimes set up as a tier of CA's, and they then program browsers and so-forth to accept only that signature authority when accessing internal sites and resources.

They sometimes go one step further than that, and use individually-issued certificates (similarly "self-"signed) to identify the computers that are accessing restricted services. You can go a very long way with existing public-key crypto technology if you use it well.