On Sat, 30 Sep, 2023, 8:00 pm Emmanuel Dreyfus, <m...@netbsd.org> wrote:

> On Sat, Sep 30, 2023 at 07:40:34PM +0530, General Email wrote:
> > By the way, I don't understand how the default certificate can be abused.
>
> It is not signed by a trusted CA, hence your browser cannot tell if it
> is speaking to your legitimate web server, or to some malware lurking
> in between. Perhaps your web traffic is not worth being eavesdropped, but
> consider a malware could inject an exploit against your browser in your
> web traffic. The attacker could just be an infected machine on the same
> LAN.
>
> The security level of an untrusted certificate is not much better than
> plain text HTTP.
>

Yes, I understand this.

We will not be using the default untrusted certificate when we go live.

But during development, if 10 people are working on the development of one
website and each of them has their own Apache HTTP Server installation, then we
have to generate 10 certificates and make a few changes, or more than a few
changes, to get HTTPS enabled on each of the 10 installations.

Having a default certificate (not signed by a trusted CA) in the official HTTP
server will make enabling HTTPS on each installation much easier and we
won't have to generate 10 certificates, etc.

Regards,
GE
