security - When is it acceptable to use self-sign cert in production? -


self signed cert looked down test-only certificate. per understating, using production fine if used right reason. trying provide guidelines customers use what. e.g.:

  1. authentication: not ok use self-signed brower not trust "self" issuer. so, service-to-service or service-to-client authentication not ok use self-signed. unless there pre thumbprint/cn whitelisting process before verifying. lot of people these, e.g. azure upload management cert public key, used authenticate api.
  2. signing: no ok, there no trust issuer. unless there pre thumbprint whitelisting process before verifying. unless there pre thumbprint/cn whitelisting process before verifying.
  3. encryption: ok use self-signed there no chain trust required. in case of attack, mim cert not decrypt, no other impact.

i thoughts/recommendations/guidelines community ensure recommendations in right direction.

thanks.

authentication: not ok use self-signed brower not trust "self" issuer.

ok use long there trusted offline certificate distribution process. not ok use via 'trust-all' code.

signing: no ok, there no trust issuer.

ok use long there trusted offline certificate distribution process.

encryption: ok use self-signed there no chain trust required. in case of attack, mim cert not decrypt, no other impact.

ok use long there trusted offline certificate distribution process. part 'mi[t]m cert not decrypt' meaningless. certificates don't perform decryption, , mitm has managed provide own certificate instead of target's have corresponding private key, otherwise attack pointless. in absence of trust, if sender uses public key out of untrusted certificate encrypt anything, doesn't know can decrypt it, being insecure.


Comments

Post a Comment

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

i've set bento/ubuntu-16.04 vagrant box using php 5.6, , getting following error quite few times when try , run shell script: "uncaught reflection exception: class domdocument not exist". i've tried adding following top of script (not together), each no success: "sudo apt-get install php5.6-xml", "sudo apt-get install php5-xml", "sudo apt-get install php-dom" i've tried resetting server "sudo service apache2 restart". does have suggestions?
Read more

vue.js - Create hooks for automated testing -

Image
qa guys complained can't automate frontend testing. because our html looks same outside. lazy hack did this <template> <div :role="$options.name"> ... </div> </template> <script> export default { name: 'vmcomponentname' } </script> which takes name script , applies html. in browser get: <div role="vmcomponentname"> ... </div> line :role="$options.name" goes in every component. is there dry er solutions? please share. additional details i'll explain in details looking for. imagine have vmusercreate form creates user. test case can create user . to automatically test without role, have use following selector: .wrapper > .wrapper > .wrapper > .submit-button the test extremely brittle (will break lot). if use roles can use [role="vmusercreateform"] .submit-button selector. many folds less brittle. so basically, i'm ...
Read more

Add new key value to json node in java -

i have json file : { "id":1, "name":"abc", "addressdetails": { "city":"newyork" } } i wanted add 1 more key-value ("pincode" : "414141") node 'addressdetails'. i tried using : objectmapper mapper = new objectmapper(); jsonnode root = mapper.readtree(new file("d://test.json")); objectnode node = mapper.createobjectnode(); node.with("addressdetails").put("pincode", "414141"); but it's not getting added, there way can ? you can try you should modify file path objectmapper mapper = new objectmapper(); objectnode nodes = mapper.readvalue(new file("d:\\test.txt"), objectnode.class); nodes.with("addressdetails").put("pincode", "414141"); mapper.writer().writevalue(new file("d:\\test.txt"), nodes);
Read more