RE: DCM cert for Apache settings -- MIDRANGE-L

Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----

From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Nathan Andelin
Sent: Thursday, March 9, 2017 8:24 AM
To: Midrange Systems Technical Discussion
Subject: Re: DCM cert for Apache settings

<snip>

The job of a certificate authority is to verify that you really are

who you

say you are. So if you claim to be www.amazon.com, the certificate
authority will not issue a certificate unless you somehow "prove"

it.

(They might call Amazon's phone number, for example, or something

similar...

depending on how serious they take it.)

I understand the role of the CA. But if you KNOW you are connecting to
www.amazon.com, why not trust a certificate issued and signed by
www.amazon.com?

If you go to Amazon.com, but get a certificate for another site, you

can be

sure that someone someone is intercepting the session and

redirecting

it somewhere else.

</snip>

The problem is, you can't know that you are really connecting to
www.amazon .com unless you either let your browser do the work of
verifying that site is who they say they are, or you do lots of checking
manually to verify that your connection ended up at the right place. It
is possible to do the checking, but it would be time consuming, and
beyond the ability of your average browser user. The problem that
signed certificates fix are man in the middle attacks.
https://en.wikipedia.org/wiki/Man-in-the-middle_attack

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.