[colug-432] self-signed cert on the main website.

Rob Funk rfunk at funknet.net
Sat Feb 8 19:06:38 EST 2020


On Saturday, February 8, 2020 6:48:35 AM EST jep200404 at columbus.rr.com wrote:
> On Sat, 8 Feb 2020 00:23:33 -0500, Chris Punches <punches.chris at gmail.com> wrote:
> > Also I noticed today that we're now using a self-signed cert on the main
> > website.  We should probably stop doing that.  I highly recommend ACME.
> 
> What do we need a cert for?

1. Because people going to the site over https will get a scary error page 
from their browser telling them it's insecure and unsafe. I don't know about 
Firefox, but on Chrome you have to click two different things from there in 
order to get to the page.

2. Because encryption is no good if you can't be sure who you're talking to. 
Without a valid signed certificate the site can be intercepted (MITM) and 
modified/replaced by ISPs or anyone else who can get in your network path 
(e.g. someone else at the coffee shop) and use their own self-signed 
certificate.

3. If the key is compromised and someone uses your self-signed certificate, 
the self-signed certificate can't be revoked.

4. Sites with https configurations considered insecure are likely to be 
demoted in Google search results.
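A way to see points 1 and 2 from the command line, as an added example that is not part of the thread: it mints a throwaway self-signed certificate for the placeholder name www.example.test, shows that its issuer is its own subject, that chain verification against the normal trust store fails (the browser warning), and that it only passes once the certificate itself is pinned as the trust anchor (the click-through). Assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example (not from the thread): show why a self-signed certificate
# trips normal chain verification. Assumes the openssl command is available.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CERT="$WORK/cert.pem"

# Build a throwaway self-signed certificate for a placeholder host name.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=www.example.test" \
    -keyout "$WORK/key.pem" -out "$CERT" 2>/dev/null
}

# Self-signed means the certificate's issuer is its own subject: anyone can
# mint one, so it proves nothing about who actually holds the name.
is_selfsigned() {
  subj=$(openssl x509 -in "$1" -noout -subject)
  iss=$(openssl x509 -in "$1" -noout -issuer)
  [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# What a browser does: build a chain to a root in the system trust store.
# A self-signed leaf has no such chain, hence the warning page.
verify_default() {
  openssl verify "$1" >/dev/null 2>&1
}

# Verification only succeeds when the certificate itself is pinned as the
# trust anchor, which is what clicking through the browser warning amounts to.
verify_pinned() {
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

make_selfsigned
is_selfsigned "$CERT" && echo "issuer == subject: self-signed"
verify_default "$CERT" || echo "default trust store: verification FAILED"
verify_pinned "$CERT" && echo "pinned as trust anchor: verification OK"
```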
