(cache)/g/ - People still fall for "paid SSL certs are better"? - Technology


08/21/20	New boards added: /vrpg/, /vmg/, /vst/ and /vm/
05/04/17	New trial board added: /bant/ - International/Random
10/04/16	New board for 4chan Pass users: /vip/ - Very Important Posts
[Hide] [Show All]

Midex
People still fall for "paid SS(...) 01/17/25(Fri)06:51:42 No.103928545

People still fall for "paid SSL certs are better"? Midex 01/17/25(Fri)20:51:42 No.103928545▶

How are DigiCert and GlobalSign still around with their paid SSL certificates with shady slogans like """brand protection""" and """Domain reputation monitoring""" when anyone can generate a self-signed SSL certificate in OpenSSL that will encrypt their https traffic the exact same way?

Anonymous
01/17/25(Fri)06:54:14 No.103928564

Anonymous 01/17/25(Fri)20:54:14 No.103928564▶

>>103928682

>>103928545 (OP)
Because nobody trust selfsigned you tard. Get a job.

Midex
01/17/25(Fri)07:12:03 No.103928682

Midex 01/17/25(Fri)21:12:03 No.103928682▶

>>103928692 >>103928886 >>103928937

>>103928564
Why would someone trust a certificate signed by some company out there instead of one signed directly by the site owner?

Anonymous
01/17/25(Fri)07:15:34 No.103928692

Anonymous 01/17/25(Fri)21:15:34 No.103928692▶

>>103928738

>>103928682
I don't have the root certificate of every random website owner and him delivering it to me right before the website over the same medium is unsecure as hell, anyone MITMing the connection could just give their own root certificate and chain of trust instead after that.

Midex
01/17/25(Fri)07:23:31 No.103928738

Midex 01/17/25(Fri)21:23:31 No.103928738▶

>>103928751 >>103929115

>>103928692
How is it 2025 and still no algorithm for validating https keys like in SSH?

Anonymous
01/17/25(Fri)07:25:53 No.103928751

Anonymous 01/17/25(Fri)21:25:53 No.103928751▶

>>103928738
>like in ssh
...you mean manually? or what magical key management system have you come up with for SSH?

Anonymous
01/17/25(Fri)07:53:49 No.103928886

Anonymous 01/17/25(Fri)21:53:49 No.103928886▶

>>103928545 (OP)
>>103928682
Why would you sign your certificates yourself when Let’s encrypt does it for free?

Anonymous
01/17/25(Fri)07:54:11 No.103928890

Anonymous 01/17/25(Fri)21:54:11 No.103928890▶

>>103928545 (OP)
Let's Encrypt exists
Just let the other firms die

Anonymous
01/17/25(Fri)08:01:37 No.103928937

Anonymous 01/17/25(Fri)22:01:37 No.103928937▶

>>103928682
You still need a way of knowing that it's the actual site's owner who signed the cert. I can create my own self-signed SSL cert right now for any domain, and provided I managed to get access to that domain? How would you tell my self-signed cert apart from the real site-owners' without some 3rd party involvement?

Not saying that you can't figure out some convoluted way of doing it, but the system of having a known 3rd-party handle this for you is far simpler and easier to implement.

Anonymous
01/17/25(Fri)08:06:06 No.103928969

Anonymous 01/17/25(Fri)22:06:06 No.103928969▶

Look up how the x509 system works.
That said, Letsencrypt is an absolute champion and I have had many certs signed by them and they're all fully trusted.

I've also signed my own certs for my internal network, but it involves distributing a CA to all my devices.

Anonymous
01/17/25(Fri)08:28:45 No.103929115

Anonymous 01/17/25(Fri)22:28:45 No.103929115▶

>>103928738
There actually is, you just tell the browser that you do, infact, trust the sites' certificate despite it warning you about it. Which is exactly the same as when you SSH to a host machine for the first time and your client doesn't have a record of the public key and warning you about this.

Name
Options
Comment
Verification	4chan Pass users can bypass this verification. [Learn More] [Login]
File
Please read the Rules and FAQ before posting. You may highlight syntax and preserve whitespace by using [code] tags.

Starting February 1st, 4chan Passes are increasing in price.

One year: $30, Three years: $60