Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: Re: SSL Certificate - Internal CA vs "well known CA"

Re: SSL Certificate - Internal CA vs "well known CA"

From: Vinicius Vianna <ds_at_hacked.com.br>
Date: Mon, 06 Aug 2007 16:57:22 -0300

Hi,

I think the main problem with an internal CA is that anyone can forge
it, if someone don't have your CA on their browsers (i.e. they didn't
imported it), and someone forge it they can't verify it, with an
external CA they will know it, since to forge it they would have the CA
keys.
If you import your CA to all your users, i think there's no difference.

Just my 0.02,
Vinicius

sfmailsbm_at_gmail.com wrote:
> Dear List,
>
> Just wanted to understand why using a "well known 'trusted' CA" (e.g. verisign) is more secure than using an Internal CA to manage Certificates
>
>
> e.g. if a company wants to publish a non-financial site (as opposed to, say, Internet Banking) would not an Internal CA be as Secure as an external one?
>
>
> What is the real (security) benefit of using (expensive) external (e.g. Verisign) Certs?
>
>
> Thanks you for your comments
>
>
>
Received on Aug 06 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]