Slashdot Mirror


When Is a Self-Signed SSL Certificate Acceptable?

UltraLoser writes "When is it acceptable to encourage users to accept a self-signed SSL cert? Recently the staff of a certain Web site turned on optional SSL with a self-signed and domain-mismatched certificate for its users and encourages them to add an exception for this certificate. Their defense is that it is just as secure as one signed by a commercial CA; and because their site exists for the distribution of copyrighted material the staff do not want to have their personal information in the hands of a CA. In their situation, is it acceptable to encourage users to trust this certificate, or is this giving users a false sense of security?"

2 of 627 comments

  1. Re:Interesting by Anonymous Coward · Score: -1, Troll

    because it is "self-signed" (which means that it is signed by itself, for those not familiar with the SSL lingo). Gee, thanks for solving that mystery for the rest of us!
  2. Re:Interesting by Anonymous Coward · Score: -1, Troll

    By the way, anyone stupid enough to give their money to such a truck in the fable you spun up deserves to have it gone. You do realise that the WHOLE FUCKING POINT was that it would be stupid to do so, right? Idiot.