[squid-users] Private root certificate
Antony Stone
Antony.Stone at squid.open.source.it
Tue Oct 10 15:49:05 UTC 2017
On Tuesday 10 October 2017 at 17:37:44, B Hirsch wrote:

> What are the security vulnerabilities with trusting your own private root
> certificate?

If *you* created the certificate and *you* control the CA, so you *know* what
certificates it has signed, I don't see that there are any vulnerabilities.

A browser will warn you that the certificate is untrusted, because it can't
verify the CA from its list of built-in CAs, but once you've added your own CA
certificate to the browser, all your own signed certificates will be trusted.

The only vulnerability I can imagine is if you install the CA certificate to a
bunch of browsers, and then someone manages to get at your CA and sign a
certificate you don't want them to.

In this case protecting the CA is the important part (as is the case for all
CAs).

Antony.

--
<flopsie> yes, but this is #lbw, we don't do normal
Please reply to the list;
please *don't* CC me.
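
The trust behaviour described in the message above, as an added example that is not part of the original post: a client rejects certificates from a private root until that root is added, after which every certificate signed with the CA key is accepted, whether or not you meant to issue it. The CA name, hostnames and file names are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: throwaway keys and made-up names in a temp directory.
work=$(mktemp -d)

# Create a self-signed private root CA (hypothetical name).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Private Root" \
        -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null
}

# Sign a certificate for hostname $1 with the CA key; files are named after $2.
sign_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
    openssl x509 -req -in "$work/$2.csr" -days 7 \
        -CA "$work/ca.crt" -CAkey "$work/ca.key" -CAcreateserial \
        -out "$work/$2.crt" 2>/dev/null
}

# Client that has not added the private root: default trust store only.
verify_without_root() {
    openssl verify "$work/$1.crt" 2>&1 | grep -q ': OK$'
}

# Client that has added the private root as a trust anchor.
verify_with_root() {
    openssl verify -CAfile "$work/ca.crt" "$work/$1.crt" 2>&1 | grep -q ': OK$'
}

# Serial number of an issued certificate, for the CA operator's own record.
cert_serial() {
    openssl x509 -in "$work/$1.crt" -noout -serial
}

make_ca
sign_leaf proxy.example.test intended     # a certificate you meant to issue
sign_leaf other.example.test unintended   # anything else signed with ca.key

for c in intended unintended; do
    verify_without_root "$c" && r=trusted || r=untrusted
    echo "$c, root not installed: $r"
    verify_with_root "$c" && r=trusted || r=untrusted
    echo "$c, root installed:     $r ($(cert_serial "$c"))"
done
```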