This will mean a lot of unneeded overhead. I'd suggest the following:
- Since you don't have certificates issued by a CA, create your own CA. Namely, create a self-signed certificate and add it to a key store on both servers, so that your certificate is trusted.
- Issue certificates to each server and sign them with the private key of your own CA.
- Make your servers use their certificates when communicating with the others.
Thus you will actually use PKI.
In the future, when you get certificates from the real (commonly known) CAs, the only thing you will need to do will be to replace your own self-signed CA certificate with the (also self-signed) certificate of a real CA.