Announcement

Collapse
No announcement yet.

Do you agree with explanation (in the message) about self-singed certificate?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Do you agree with explanation (in the message) about self-singed certificate?

    I want to configure Terminal Server for Server Authentication.
    First thing is to obtain a certificate.
    Before buying I would like to know your opinion about self signed certificate in small environment. Up to 10 remote users.


    Many years ago I did them on Linux and I guess today there are utilities for Windows too...

    From the article:

    This article shows you how to create a SSL certificate, using Open Source software.
    It really is free
    .
    However, if you work for large corporations or governments, don't do something useful like this,
    go buy a SSL certificate (and keep paying every year). Your job is to spend lots of money to make you look important.
    From a cryptographic perspective, there is no difference in security whether you use a self-signed
    SSL certificate or buy an expensive SSL certificate. The only difference is perhaps cost and a convoluted sense of security:
    after you spend money buying expensive SSL certificates from some unknown and self-declared "trust-worthy and reputable"
    company, it must make you feel good. But back in your logical mind, you may be bothered by these haunting questions:
    Have you ever met them ? Do you know where they are ? Do you know who they really are ? How long have you known them ?
    Do you trust them more than you trust yourself ? Based on what evidence and logical thinking that make you think they are trust-worthy ?
    Last edited by mla; 29th October 2008, 20:52. Reason: error in subject line
    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Re: Do you agree with explanation (in the message) about self-singed certificate?

    Please give credit to the original author! That quote is from: http://chinese-watercolor.com/nicholas/openssl.html
    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Do you agree with explanation (in the message) about self-singed certificate?

      Given that you can get "real" certificates, issued by a trusted CA for very small amounts of money (GoDaddy is < $20 per year), why would you want to go down the self signed route?
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Do you agree with explanation (in the message) about self-signed certificate?

        I think, it's more easy to buy external certificate from Thwate for example, you don't need to install root CA in every machine. And it cost is around 300$ for 5 years.
        Best regards,

        Look before you leap!

        MCSA 2003, MCDBA 2000
        IT Consultant.

        Comment


        • #5
          Re: Do you agree with explanation (in the message) about self-signed certificate?

          Originally posted by mla View Post
          Your job is to spend lots of money to make you look important.
          An IT admin who believes that is going to get fired pretty quickly.
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

          Comment


          • #6
            Re: Do you agree with explanation (in the message) about self-singed certificate?

            Hi,

            The issue depend on a few technical and business requirements:


            1. Do you need external computers to the server?

            2. Do you have a current PKI infrastructure or need a PKI onfrastructure?

            3. Do you have the knowledgeable and time to support PKI infrastructure?

            4. Do you need a special security settings that cant obtain from third party vendor?

            5. Do you have budget for purchase SSL Certificate?


            I can recommended to use official certificate for:

            1. SSL VPN Device.

            2. External web site.

            3. Exchange OWA/RPC Over HTTP etc.
            Best Regards,

            Yuval Sinay

            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

            Comment

            Working...
            X