outdated ssl cert

outdated ssl cert

am 16.01.2010 17:58:01 von Vadkan Jozsef

what does a self-signed outdated ssl cert worth? [https]

could it be tricked [https] in a way, that the end user will not
recognize? [e.g. he already accepted the cert one time, and the browser
would warn her, if it been ""attacked""?]

...I mean does an outdated self-signed certificate give the same security
as a normal cert?

thanks


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: outdated ssl cert

am 17.01.2010 00:29:14 von LuKreme

On 16-Jan-2010, at 09:58, Vadkan Jozsef wrote:
> does an outdated self-signed certificate give the same security
> as a normal cert?


An outdated cert, self-signed or not, is invalid. So, no.

--=20
'An appointment is an engagement to see someone, while a morningstar is =
a large lump of metal used for viciously crushing skulls. It is =
important not to confuse the two.' --Men at Arms


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: outdated ssl cert

am 19.01.2010 21:04:25 von janos.lobb

On Jan 16, 2010, at 11:58 AM, Vadkan Jozsef wrote:

> what does a self-signed outdated ssl cert worth? [https]
>
> could it be tricked [https] in a way, that the end user will not
> recognize? [e.g. he already accepted the cert one time, and the =20
> browser
> would warn her, if it been ""attacked""?]
>
> ..I mean does an outdated self-signed certificate give the same =20
> security
> as a normal cert?
>
> thanks
>
>

You can always create a non-outdated self-signed certificate, so what =20=

is the problem=F3 ?=

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org