Security Basics mailing list archives
Re: SSL Certificate - Internal CA vs "well known CA"
From: Vinicius Vianna <ds () hacked com br>
Date: Mon, 06 Aug 2007 16:57:22 -0300
Hi,I think the main problem with an internal CA is that anyone can forge it, if someone don't have your CA on their browsers (i.e. they didn't imported it), and someone forge it they can't verify it, with an external CA they will know it, since to forge it they would have the CA keys.
If you import your CA to all your users, i think there's no difference. Just my 0.02, Vinicius sfmailsbm () gmail com wrote:
Dear List, Just wanted to understand why using a "well known 'trusted' CA" (e.g. verisign) is more secure than using an Internal CA to manage Certificates e.g. if a company wants to publish a non-financial site (as opposed to, say, Internet Banking) would not an Internal CA be as Secure as an external one? What is the real (security) benefit of using (expensive) external (e.g. Verisign) Certs? Thanks you for your comments
Current thread:
- SSL Certificate - Internal CA vs "well known CA" sfmailsbm (Aug 06)
- Re: SSL Certificate - Internal CA vs "well known CA" Vinicius Vianna (Aug 06)
- Re: SSL Certificate - Internal CA vs "well known CA" Pranay Kanwar (Aug 06)
- SSL Certificate: Any Recommendations on Specific Vendors Iwekani Mukoma (Aug 06)
- Re: SSL Certificate: Any Recommendations on Specific Vendors MaddHatter (Aug 08)
- Message not available
- Fwd: SSL Certificate - Internal CA vs "well known CA" kevin fielder (Aug 08)
- RE: SSL Certificate - Internal CA vs "well known CA" Burns, Doug (Aug 08)
- SSL Certificate: Any Recommendations on Specific Vendors Iwekani Mukoma (Aug 06)
- <Possible follow-ups>
- Re: SSL Certificate - Internal CA vs "well known CA" Eric G (Aug 08)