How to Trust a Self-Signed CertificateWhy are self signed certificates not trusted and is there a way to make them trusted?On an “uncritical” site, is there any reason to NOT trust a self-signed certificate?Why do Browsers warn about self-signed certificates but not about plain HTTP (which is not even encrypted)?Do not trust all intermediate certificatesHow issuer's certificate is found to verify a given certificate?Is it acceptable for an employer to install a self-signed root certificate on employees personal devices at home?Which part of a self-signed certificate can be trusted?TLS: Clarification on trust in the certificate trust chainWhat are the differences of checking a self-signed certificate vs ignore it?Self Signed Certificate in Certificate of Chain
Has J.J.Jameson ever found out that Peter Parker is Spider-Man?
How to call made-up data?
Where can I see modifications made to the PATH environment variable by the Go installer
Is there any difference between "result in" and "end up with"?
Subtle ways to render a planet uninhabitable
Lower bound for the number of lattice points on high dimensional spheres
In a KP-K endgame, if the enemy king is in front of the pawn, is it always a draw?
Is there a general term for the items in a directory?
Export economy of Mars
How to understand "...to hide the evidence of mishandled magic, or else hidden by castle-proud house-elves" in this sentence
Unlocked Package Dependencies
A criterion for finite abelian group to embed into a symmetric group
Search and replace a substring only if another substring is not present
Is it uncompelling to continue the story with lower stakes?
(7 of 11: Fillomino) What is Pyramid Cult's Favorite Shape?
Basic CPA walkthrough
Why does Shift-right says it is bound to right?
How to transform a function from f[#1] to f[x]
Representation of the concatenation at the type level
Reasons for using monsters as bioweapons
How does shared_ptr<void> know which destructor to use?
Is there a word that describes people who are extraverted and/or energetic, but uneducated, unintelligent and/or uncreative?
Why does BezierFunction not follow BezierCurve at npts>4?
Skipping same old introductions
How to Trust a Self-Signed Certificate
Why are self signed certificates not trusted and is there a way to make them trusted?On an “uncritical” site, is there any reason to NOT trust a self-signed certificate?Why do Browsers warn about self-signed certificates but not about plain HTTP (which is not even encrypted)?Do not trust all intermediate certificatesHow issuer's certificate is found to verify a given certificate?Is it acceptable for an employer to install a self-signed root certificate on employees personal devices at home?Which part of a self-signed certificate can be trusted?TLS: Clarification on trust in the certificate trust chainWhat are the differences of checking a self-signed certificate vs ignore it?Self Signed Certificate in Certificate of Chain
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
According to Why are self signed certificates not trusted and is there a way to make them trusted?, to trust a self-signed certificate we need to import the root certificate into the trust store of the browser. Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file? What instructions should they follow to import that certificate correctly?
trust self-signed
asked Jul 24 at 13:53
ShieldOfSalvationShieldOfSalvation
1337 bronze badges
add a comment |
According to Why are self signed certificates not trusted and is there a way to make them trusted?, to trust a self-signed certificate we need to import the root certificate into the trust store of the browser. Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file? What instructions should they follow to import that certificate correctly?
trust self-signed
asked Jul 24 at 13:53
ShieldOfSalvationShieldOfSalvation
1337 bronze badges
add a comment |
According to Why are self signed certificates not trusted and is there a way to make them trusted?, to trust a self-signed certificate we need to import the root certificate into the trust store of the browser. Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file? What instructions should they follow to import that certificate correctly?
trust self-signed
asked Jul 24 at 13:53
ShieldOfSalvationShieldOfSalvation
1337 bronze badges
According to Why are self signed certificates not trusted and is there a way to make them trusted?, to trust a self-signed certificate we need to import the root certificate into the trust store of the browser. Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file? What instructions should they follow to import that certificate correctly?
trust self-signed
trust self-signed
asked Jul 24 at 13:53
ShieldOfSalvationShieldOfSalvation
1337 bronze badges
asked Jul 24 at 13:53
ShieldOfSalvationShieldOfSalvation
1337 bronze badges
asked Jul 24 at 13:53
ShieldOfSalvationShieldOfSalvation
1337 bronze badges
asked Jul 24 at 13:53
ShieldOfSalvationShieldOfSalvation
1337 bronze badges
asked Jul 24 at 13:53
ShieldOfSalvationShieldOfSalvation
1337 bronze badges
1337 bronze badges
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
You need to distribute the certificate, i.e. the *.crt file. The *.key file must be kept secret since this can be used to impersonate the certificate. It is only actually needed on the server.
What instructions should they follow to import that certificate correctly?
There is no generic way to install a certificate. Details depend on OS and client (i.e. different browsers, apps ...).
answered Jul 24 at 15:03
Steffen UllrichSteffen Ullrich
127k17 gold badges223 silver badges290 bronze badges
add a comment |
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
Both self-signed and CA-signed certificates share certain characteristics - they both have a private key that must be kept secret and a signed certificate that contains public key that you share with others. They key difference between CA-signed and self-signed certificates is what key is used to sign the certificate - self-signed certificate uses the private key associated with the certificate to sign it. To make all of this a bit more confusing, Root CAs are also self-signed, to differentiate them from a regular self-signed certificate you need to look at extensions like Basic Constraints.
answered Jul 24 at 16:58
Kirill SinitskiKirill Sinitski
9314 silver badges12 bronze badges
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214044%2fhow-to-trust-a-self-signed-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
You need to distribute the certificate, i.e. the *.crt file. The *.key file must be kept secret since this can be used to impersonate the certificate. It is only actually needed on the server.
What instructions should they follow to import that certificate correctly?
There is no generic way to install a certificate. Details depend on OS and client (i.e. different browsers, apps ...).
answered Jul 24 at 15:03
Steffen UllrichSteffen Ullrich
127k17 gold badges223 silver badges290 bronze badges
add a comment |
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
You need to distribute the certificate, i.e. the *.crt file. The *.key file must be kept secret since this can be used to impersonate the certificate. It is only actually needed on the server.
What instructions should they follow to import that certificate correctly?
There is no generic way to install a certificate. Details depend on OS and client (i.e. different browsers, apps ...).
answered Jul 24 at 15:03
Steffen UllrichSteffen Ullrich
127k17 gold badges223 silver badges290 bronze badges
add a comment |
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
You need to distribute the certificate, i.e. the *.crt file. The *.key file must be kept secret since this can be used to impersonate the certificate. It is only actually needed on the server.
What instructions should they follow to import that certificate correctly?
There is no generic way to install a certificate. Details depend on OS and client (i.e. different browsers, apps ...).
answered Jul 24 at 15:03
Steffen UllrichSteffen Ullrich
127k17 gold badges223 silver badges290 bronze badges
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
You need to distribute the certificate, i.e. the *.crt file. The *.key file must be kept secret since this can be used to impersonate the certificate. It is only actually needed on the server.
What instructions should they follow to import that certificate correctly?
There is no generic way to install a certificate. Details depend on OS and client (i.e. different browsers, apps ...).
answered Jul 24 at 15:03
Steffen UllrichSteffen Ullrich
127k17 gold badges223 silver badges290 bronze badges
answered Jul 24 at 15:03
Steffen UllrichSteffen Ullrich
127k17 gold badges223 silver badges290 bronze badges
answered Jul 24 at 15:03
Steffen UllrichSteffen Ullrich
127k17 gold badges223 silver badges290 bronze badges
answered Jul 24 at 15:03
Steffen UllrichSteffen Ullrich
127k17 gold badges223 silver badges290 bronze badges
127k17 gold badges223 silver badges290 bronze badges
add a comment |
add a comment |
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
Both self-signed and CA-signed certificates share certain characteristics - they both have a private key that must be kept secret and a signed certificate that contains public key that you share with others. They key difference between CA-signed and self-signed certificates is what key is used to sign the certificate - self-signed certificate uses the private key associated with the certificate to sign it. To make all of this a bit more confusing, Root CAs are also self-signed, to differentiate them from a regular self-signed certificate you need to look at extensions like Basic Constraints.
answered Jul 24 at 16:58
Kirill SinitskiKirill Sinitski
9314 silver badges12 bronze badges
add a comment |
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
Both self-signed and CA-signed certificates share certain characteristics - they both have a private key that must be kept secret and a signed certificate that contains public key that you share with others. They key difference between CA-signed and self-signed certificates is what key is used to sign the certificate - self-signed certificate uses the private key associated with the certificate to sign it. To make all of this a bit more confusing, Root CAs are also self-signed, to differentiate them from a regular self-signed certificate you need to look at extensions like Basic Constraints.
answered Jul 24 at 16:58
Kirill SinitskiKirill Sinitski
9314 silver badges12 bronze badges
add a comment |
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
Both self-signed and CA-signed certificates share certain characteristics - they both have a private key that must be kept secret and a signed certificate that contains public key that you share with others. They key difference between CA-signed and self-signed certificates is what key is used to sign the certificate - self-signed certificate uses the private key associated with the certificate to sign it. To make all of this a bit more confusing, Root CAs are also self-signed, to differentiate them from a regular self-signed certificate you need to look at extensions like Basic Constraints.
answered Jul 24 at 16:58
Kirill SinitskiKirill Sinitski
9314 silver badges12 bronze badges
Does that mean I must distribute to my clients a file, and is that the *.crt file, the *.csr, or the *.key file?
Both self-signed and CA-signed certificates share certain characteristics - they both have a private key that must be kept secret and a signed certificate that contains public key that you share with others. They key difference between CA-signed and self-signed certificates is what key is used to sign the certificate - self-signed certificate uses the private key associated with the certificate to sign it. To make all of this a bit more confusing, Root CAs are also self-signed, to differentiate them from a regular self-signed certificate you need to look at extensions like Basic Constraints.
answered Jul 24 at 16:58
Kirill SinitskiKirill Sinitski
9314 silver badges12 bronze badges
answered Jul 24 at 16:58
Kirill SinitskiKirill Sinitski
9314 silver badges12 bronze badges
answered Jul 24 at 16:58
Kirill SinitskiKirill Sinitski
9314 silver badges12 bronze badges
answered Jul 24 at 16:58
Kirill SinitskiKirill Sinitski
9314 silver badges12 bronze badges
9314 silver badges12 bronze badges
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214044%2fhow-to-trust-a-self-signed-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
