On Thu, Mar 9, 2017 at 10:54 AM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:


Yes. If the client doesn't trust the certificate, self-signed or not, it
will be rejected. That's how SSL works.



SSL encryption works fine with self-signed certificates (just as well as
CA-signed certificates).


I never said it didn't. The caveat is that the CA chain must be trusted or
the client application must be set up to ignore not trusted errors for it
to work. That's for any type of SSL certificate the server presents.



Also, the terminology used is horrible, which is probably why Scott wasn't
quite sure of what you were saying.

Scott was referring to SMTP servers and HTTP servers that run web
services. You seem to be referring to clients of some sort.

"Web service clients and servers". That is VERY confusing.


I understand that the term "web services" might be ambiguous to some
people. But why for you and Scott Klement? You both have written your own
web-service clients (GETURI and HTTPAPI), which provide for SSL encryption,
using self-signed certificates.


A web service is something that runs on a server. A web service client,
like GETURI or HTTPAPI, is a client that consumes the web service. Two
completely different animals.

Web service = server = presents SSL cert to clients
Web service client = checks the SSL certificate presented by the server it
connects to and decides if it should continue.

The only time a client actually uses an SSL certificate is for client side
authentication. But let's not go down that road...


And similarly, SMTP-relay clients and servers implement TLS protocols and
encryption, using self-signed certificates. That's common in the industry.


Self-signed certificates are NOT common in the industry.
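
The client-side trust decision discussed in this message, as an added example that is not part of the original post or of GETURI/HTTPAPI: a self-signed certificate is rejected until the client explicitly holds it as a trust anchor, and trusting one self-signed certificate does not extend to another. It assumes the `openssl` command-line tool is installed; the host names, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Host names and file names are constructed; needs the openssl CLI.
set -u
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Create a throwaway self-signed certificate: $1 = file stem, $2 = host name.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$workdir/$1.key" -out "$workdir/$1.crt" 2>/dev/null
}

# The client-side decision: succeed only if the presented certificate ($1)
# chains to a trust anchor. $2 is an optional PEM file of extra anchors;
# without it only the platform's default trust store is consulted.
client_trusts() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

report() {  # $1 = label, remaining arguments are passed to client_trusts
  label=$1; shift
  if client_trusts "$@"; then echo "$label: accepted"; else echo "$label: rejected"; fi
}

make_self_signed server smtp.example.test
make_self_signed other  other.example.test

report "default trust store only"       "$workdir/server.crt"
report "server cert imported as anchor" "$workdir/server.crt" "$workdir/server.crt"
report "unrelated self-signed anchor"   "$workdir/server.crt" "$workdir/other.crt"
```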
