Is it possible to prevent man-in-the-middle attack when using self-signed certificates?

前端 未结 3 1617
感动是毒
感动是毒 2021-02-14 06:51

I\'m not sure is similar question has been asked before (I couldn\'t find any), but is it possible to protect Client/Server from Man-In-The-Middle attack?

I\'m writin

3条回答
  •  情深已故
    2021-02-14 07:13

    Yes.

    In short, a self signed certificate is more insecure than a CA certificate only when the client does not know the certificate in advance and therefore has no way to validate that the server is who it says it is.

    If you add the self signed certificate to the client and don't accept any other certificate, you're actually as secure (or, one could argue, even more so) than having a certificate authority signed certificate.

    The important parts to keep SSL secure with or without a certificate authority are;

    • The server private key (and in the case of a CA, the private keys of all its roots) is kept secret.
    • The client knows the server certificate (or its CA root).

提交回复
热议问题