
28 Oct 2012, 6:16 p.m.
On Sun, Oct 28, 2012 at 05:10:39PM +0100, Changaco wrote:
> On Sun, 28 Oct 2012 16:39:10 +0100 Iustin Pop wrote:
> > Sure, but I was talking about a proper certificate signed by a well-known registrar, at which point the https client would default to verify the signature against the system certificate store.
>
> It doesn't matter what kind of certificate the server uses since the client generally doesn't know about it, especially on first connection. Some programs remember the certificate between uses and inform you when it changes, but that's not perfect either.

The client doesn't have to know about it, if it can verify a chain of trust via the system cert store, as I said above.

regards,
iustin
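
The chain-of-trust check discussed in this message, as an added example that is not part of the original thread: a client that has never seen the server certificate accepts it because it chains to a trust anchor, and rejects a self-signed certificate carrying the same name. The throwaway CA, the name `server.example` and all file names are constructed for the demo, with the CA standing in for the system certificate store.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA stands in for the system certificate store.
WORK=$(mktemp -d)

make_pki() {
    # Trust anchor (plays the role of a well-known CA in the system store).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null || return 1
    # Server certificate signed by that CA; the client has never seen it.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$WORK/srv.csr" -days 1 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/srv.pem" 2>/dev/null || return 1
    # Self-signed certificate claiming the same name, with no chain to the CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.example" \
        -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null || return 1
}

# Succeeds only if the certificate chains to the trust anchor.
chain_ok() {
    openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

make_pki || { echo "openssl failed" >&2; exit 1; }
for cert in srv.pem self.pem; do
    if chain_ok "$WORK/$cert"; then
        echo "$cert: chain verified"
    else
        echo "$cert: rejected"
    fi
done
```

A real HTTPS client additionally checks that the name in the certificate matches the host it connected to.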