Self create openssl

ust · 08-14-2011, 11:12 PM

I know we can create openssl certicate by myself rather than buy it from vendor , can advise what is the difference between these two methods ? the cert. that created by vendor is more security ?

Thanks.

jschiwal · 08-14-2011, 11:26 PM

A self generated cert won't cost you $5000. However browsers will notify users that the cert is self signed if it wasn't issued by a CA.

Since it is self-signed, you aren't providing reliable authorization and non-repudiation to the end user since they don't know if you really are who you claim. The connection will be secure, but the end user doesn't know if the connection is to who the believe it is.

ust · 08-15-2011, 12:49 AM

Quote:

Originally Posted by jschiwal

A self generated cert won't cost you $5000. However browsers will notify users that the cert is self signed if it wasn't issued by a CA.

Since it is self-signed, you aren't providing reliable authorization and non-repudiation to the end user since they don't know if you really are who you claim. The connection will be secure, but the end user doesn't know if the connection is to who the believe it is.

Thx reply ,

I didn't have this experience , the $5,000 is for what cost ?

Thanks

jschiwal · 08-28-2011, 11:17 PM

It is the cost for a cert renewal by the a company quoted by Steve Gibson for his grc.com site. Some other companies are not as expensive.

jefro · 08-29-2011, 07:18 PM

There are many uses and secure uses for a self signed certificate.

The normal use would be to physically send the certificate to the remote user.
A second instance is where you install it to the authorized computers.

You could fool with authentication but why if it is just for your security and not public. That really is the reason for a public certificate. That being anyone can have access to it.