When connecting to the mail server via the email client, we are forced to use SSL. Yet, we only have a self-signed certificate which the IT dept wants us to trust.
What are the real security repercussions?
Assuming the root key doesn’t leak, which would break down the whole company CA system, the only issue specific to this use of a self-signed certificate is distribution; a certificate authority certificate is normally already on any computer that needs a connection to the server, while this certificate needs to be distributed manually.
If a new computer needs a connection to the server and does not have the certificate, there is no real security if you connect anyway and just accept the certificate. For it to be of any use, it needs to already exist on the computer.
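The point above about having the certificate on the machine before connecting, as an added example that is not part of the original answer: a check that compares the certificate the mail server presents against a SHA-256 fingerprint IT handed out through a separate channel. The function names, port 993 (IMAPS) and the byte strings standing in for certificates are assumptions made for this sketch.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fp(fp: str) -> str:
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return lowercase hex."""
    return "".join(c for c in fp if c not in ": \t\n").lower()


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def matches_pin(der: bytes, pinned_fp: str) -> bool:
    """True only if the certificate is the one that was distributed in advance."""
    return hmac.compare_digest(cert_fingerprint(der), normalize_fp(pinned_fp))


def presented_cert(host: str, port: int = 993, timeout: float = 10.0) -> bytes:
    """Fetch the DER certificate the server presents, without trusting it yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # inspection only; nothing is sent over it
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_server(host: str, pinned_fp: str, port: int = 993) -> bool:
    """Decide from the pre-distributed fingerprint, not from a click-through."""
    return matches_pin(presented_cert(host, port), pinned_fp)


# Constructed stand-ins for DER certificates so the comparison runs offline.
GENUINE_DER = b"constructed stand-in: certificate issued by the IT dept"
IMPOSTOR_DER = b"constructed stand-in: certificate from an interceptor"
PINNED_FP = cert_fingerprint(GENUINE_DER)  # value IT would distribute


def demo() -> tuple:
    """Return (genuine accepted, impostor accepted) for the constructed inputs."""
    return matches_pin(GENUINE_DER, PINNED_FP), matches_pin(IMPOSTOR_DER, PINNED_FP)


if __name__ == "__main__":
    print(demo())
```

A client that has no pinned value to compare against cannot tell the two constructed certificates apart, which is the "accept it anyway" case the answer describes.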