On Thu, Jul 30, 2015 at 7:47 PM, Michael McConville <mmcco...@sccs.swarthmore.edu> wrote: > Giancarlo Razzolini wrote: >> Em 30-07-2015 09:15, trondd escreveu: >> > I guess the meat of the question is "is certs.pem the only location >> > for CAs used by the system?" (ignoring application certificate >> > stores, ie. Firefox or java). >> >> Another meat could be, why you're using self-signed certificates? >> Given the plethora of options for getting free (valid) certificates. > > He mentioned in his original email that it's a requirement where he > works. That's common, from what I hear, although probably not the > safest. >
That depends on the use case of the certificate. Use of self-signed certificate is no less secure than an "official" one as far as the actual encryption on the transport layer goes. It's only a question if the user trusts the authenticity of the self-signed certificate and the issuer of certificate is prepared to educate his/her users what a self-signed certificate is and why they should trust it. -Kimmo