Channel: Active questions tagged https - Stack Overflow

Why are self-signed SSL certs less secure than Certificate Authority signed ones?


An SSL certificate can either be self-signed, or signed by a certificate authority. Modern browsers will only trust a site that provides an authority signed certificate.

A user can get an authority signed certificate for their domain if the user proves to the authority that it owns the domain name (ex: via ability to manipulate the domain’s DNS records).

This is done to establish some sort of security — they prove to the browser that the site the browser is visiting is actually controlled by the legitimate owner of the domain.

But I don’t understand how this proof of ownership actually increases security.

Isn’t it pretty much implied that a domain owner owns the underlying site it points to? And even if it doesn’t, why does that matter?

Is the idea that a hacker could breach the DNS records and point a well-known domain to their malicious server? I can see how this would protect end users. But if a hacker has that level of access, they can just generate a new SSL cert to plop onto their server anyways.

I keep reading that this helps against bad actors spoofing well-known sites with something like "go0gle.com". But if this attacker owns "go0gle.com", they can get a CA to issue them a cert for this copycat domain name and appear as "trustworthy" in the eyes of the browser.
