
If a self-signed certificate is trusted by the client's certificate store, then it should be fine to be used, since the client trusts the issuer of the certificate as it does any other trusted CA (certificate issuer).

However, I believe that the problem with self-signed certificates is that you have a distributed certificate issuer, meaning that "the CA" is not secured like a CA should be, and the risk of it being compromised is higher than that of a sensitively taken care of CA.

Here's where I get confused. The last paragraph is wrong. Since the certificate is self-signed and the public key of the key pair is trusted, then the certificate issuer is not trusted; just the key pair is trusted.

Is this correct?

Is it safe to assume that self-signed certificates are trustworthy 100% of the time?

Thanks,

Matt

P.S. This is in relation to the issuance of a code signing for Local Update Publisher to be used with a WSUS install. Not a web site.

P.P.S. Did I not just explain how a "root CA" is trusted/trustworthy?

brandeded