Security Basics mailing list archives
Are default SSL certs any more secure than HTTP ?
From: martin <martiniscool () gmail com>
Date: Thu, 13 Aug 2009 21:20:17 +0100
Hi allWe have alot of Juniper firewalls which allow us to configure HTTP and/ or HTTPS for managing the device. I've been encouraging everybody at work to use HTTPS rather than HTTP & SSH rather thantelnet, when configuring management on these devices
However, we don't put a cert of our own in it - we just use the cert that comes with the device out of the box. I don't know Junipers (or other vendors) policy on these certs - but I'm guessing every device they manufacture gets the same cert until that cert expires
So my question is, as the cert is "out there" & widely available to anybody who also has a Juniper device, is using HTTPS any more secure than using HTTP in this case ? If anybody were to snoop the traffic, surely they can easily decrypt it as we're using the "out of the box" cert
I hope I've explained all this OK ? Would really appreciate some feedback
Thanks! M ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Are default SSL certs any more secure than HTTP ? martin (Aug 14)