It doesn't; the browser only assumes all HTTPS sites without a CA that it trusts are malicious, simply because it doesn't know any better. It is dangerous to do otherwise because you can't possibly know all the malicious self-signed certificates. Once one is discovered, it is easy to make a new one. It is far easier to know all the safe CAs, and leave the liability to them to ensure the certs they issue are legit.
Mark Murphy
Atlas Data Systems
mmurphy@xxxxxxxxxxxxxxx
-----Nathan Andelin <nandelin@xxxxxxxxx> wrote: -----
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
From: Nathan Andelin <nandelin@xxxxxxxxx>
Date: 03/09/2017 11:35AM
Subject: Re: DCM cert for Apache settings
But if they are using a self signed cert, how do you KNOW you are
connecting to www.amazon.com?
I agree that it is possible for malicious people, or malicious code to hack
say PC's host files (i.e. DNS poisoning) and redirect browsers to malicious
IP addresses on the Internet.
I just question the norm of browsers assuming that all HTTPS sites are
malicious, just because the possibility exists - however slight. That gets
annoying, especially for accessing servers on your LAN, for example.