Is it possible to prevent man-in-the-middle attack when using self-signed certificates?

前端 未结 3 1614
感动是毒
感动是毒 2021-02-14 06:51

I\'m not sure is similar question has been asked before (I couldn\'t find any), but is it possible to protect Client/Server from Man-In-The-Middle attack?

I\'m writin

3条回答
  •  野的像风
    2021-02-14 07:12

    If you can protect your private keys well enough, a middleman will not be able to masquerade as you, assuming the user actually looks at the certificate. The problem with self-signed is that if you want the user to add the exception to their browser, or just ignore the warning, then you are exposed to man-in-the-middle attack, because anyone else may create their own certificate.

    Of course, "protecting your private keys well enough" is not trivial at all. When you pay for a "Verisign" certificate, you're not paying for their software creating the certificate - you're paying for the security forces they have guarding the building in which the private keys are stored.

提交回复
热议问题