How secure is it to use self-signed certificates? As far as I understand it, an attacker could pretend to be my server if I don’t have a certificate from an authority. Is this much of a risk?
Should I buy a certificate for Subversion?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How secure is it to use self-signed certificates? As far as I understand it, an attacker could pretend to be my server if I don’t have a certificate from an authority. Is this much of a risk?
Should I buy a certificate for Subversion?
There’s no real harm in using self signed certs for in house projects as long as everyone is aware. From a security standpoint you may want to distribute the cert to your users so that they can ensure it’s valid when they make the initial connection. There’s no reason to pay for a cert in this case. A self signed cert provides the same level of cryptographic protection as a paid cert it just isn’t automatically trusted by the client program.