× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2017

RE: DCM cert for Apache settings






Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Nathan Andelin
Sent: Thursday, March 9, 2017 8:24 AM
To: Midrange Systems Technical Discussion
Subject: Re: DCM cert for Apache settings


<snip>


The job of a certificate authority is to verify that you really are
who you
say you are. So if you claim to be www.amazon.com, the certificate
authority will not issue a certificate unless you somehow "prove"
it.
(They might call Amazon's phone number, for example, or something
similar...
depending on how serious they take it.)


I understand the role of the CA. But if you KNOW you are connecting to
www.amazon.com, why not trust a certificate issued and signed by
www.amazon.com?

If you go to Amazon.com, but get a certificate for another site, you
can be
sure that someone someone is intercepting the session and
redirecting
it somewhere else.


</snip>

The problem is, you can't know that you are really connecting to
www.amazon .com unless you either let your browser do the work of
verifying that site is who they say they are, or you do lots of checking
manually to verify that your connection ended up at the right place. It
is possible to do the checking, but it would be time consuming, and
beyond the ability of your average browser user. The problem that
signed certificates fix are man in the middle attacks.
https://en.wikipedia.org/wiki/Man-in-the-middle_attack

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.