Home > Computers and Internet > Self Signed Certificates should be more acceptable in the Windows system

Self Signed Certificates should be more acceptable in the Windows system

Computer Certificates are important, but complex things. They’re used by servers to validated that they are who they say they are. That might sound confusing, but there are tricks that hackers can do which will intercept calls from a client to a server. It’s known as DNS redirect. The client has no idea that it’s not talking to the server it thinks it’s talking to. The current existing solution to this problem is certificate authorities. Getting certificates are expensive.

The way it works is that your Operating System comes configured to trust a certain set of certificate authorities. The idea is that if the base certificate authorities are compromised the whole internet isn’t trustworthy. So we’re all in it together. Then what happens is server administrators request certificates from the authorities and installs them on their servers. Then when the client (you) go to the website the server hands back the site and the certificate. At that point the client verifies with the certificate authority if the certificate matches the server name. If the authority says yes, the user doesn’t even know what just happened on their behalf. If the certificate does not match the browser throws up errors.

I think that while this is good for “trusting” websites the first time you send secure information to them, I think there’s another solution that would less expensive for everybody (except the certificate authorities who would lose money). It’s possible for servers to create self signed certificates. With the way things stand now, clients consider self signed certs to be as bad as invalid certs. I think that the scenario of somebody logging into their companies computers for the first time, and accepting the self signed cert, should be a way more user friends scenario than what it is today. What should happen is the browser should ask the user “Do you want to trust this certificate” and the user can verify that the websites IP Address hasn’t been high jacked, and accept the cert. Then every time after that the websites is trusted, because it remembers the self signed cert.  

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: