If I verify the fingerprint of a self-signed SSL certificate on the client, can a man-in-the-middle attack still occur?
Viewed 326 times
2 Answers
6
Only if they manage to actually reproduce the fingerprint, which is much, much harder.
The fingerprint is actually the most reliable method of determining a certificate is what it should be. It's just ignored by just about everyone.
sysadmin1138
- 135,853
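As an added illustration of the fingerprint check this answer describes (example code, not from the original answers), the client below pins the SHA-256 fingerprint of the server's certificate, obtained out of band beforehand, and refuses the TLS session before any application data is sent if the presented certificate does not match. The host, port and the pinned value are assumptions the caller supplies; the bytes in the `__main__` block are a constructed stand-in for a DER certificate, used only to exercise the hashing and comparison.

```python
"""Client-side fingerprint pinning for a self-signed certificate.

Added example, not part of the original Q&A. Assumes the client already
holds the server certificate's SHA-256 fingerprint, obtained out of band
(for example from `openssl x509 -noout -fingerprint -sha256 -in server.crt`),
and pins it instead of relying on a CA chain.
"""
import hashlib
import hmac
import socket
import ssl


def fingerprint_sha256(der_cert: bytes) -> str:
    """Return the SHA-256 fingerprint of a DER-encoded certificate in the
    colon-separated uppercase hex form that `openssl x509 -fingerprint` prints."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(fp: str) -> str:
    """Strip separators and case so fingerprints from different tools compare equal."""
    return fp.replace(":", "").replace(" ", "").upper()


def fingerprint_matches(der_cert: bytes, pinned_fp: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    presented = normalize_fingerprint(fingerprint_sha256(der_cert))
    expected = normalize_fingerprint(pinned_fp)
    return hmac.compare_digest(presented, expected)


def connect_with_pinned_cert(host: str, port: int, pinned_fp: str,
                             timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the server's certificate
    matches the pinned fingerprint.

    Chain validation is disabled because a self-signed certificate has no CA
    to chain to; the pin is the sole trust anchor, so a mismatch must abort
    before the caller writes any application data.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    try:
        der = tls.getpeercert(binary_form=True)  # DER bytes even with CERT_NONE
        if der is None or not fingerprint_matches(der, pinned_fp):
            raise ssl.SSLCertVerificationError(
                f"certificate fingerprint mismatch for {host}:{port}; "
                "possible interception, refusing to continue")
    except Exception:
        tls.close()
        raise
    return tls


if __name__ == "__main__":
    # Constructed stand-in for DER bytes: the pinning logic only hashes them,
    # so a real certificate is not needed to exercise the comparison.
    fake_der = b"constructed-not-a-real-certificate"
    pin = fingerprint_sha256(fake_der)
    print(pin)
    print(fingerprint_matches(fake_der, pin))          # True
    print(fingerprint_matches(fake_der + b"x", pin))   # False
```

The comparison uses `hmac.compare_digest` rather than `==` so that the check takes the same time whether the mismatch is in the first byte or the last; the pin is normalized first so a fingerprint copied from `openssl` (colons, uppercase) compares equal to one pasted without separators.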
5
A self-signed certificate is just as "secure" as a CA-issued certificate given the same cryptographic specifications. All the same vulnerabilities and strengths are there.
The only difference is that clients generally have a preconfigured list of trusted CAs and will not ask, whereas they'll always initially ask for self-signed, which it sounds like you're already aware of.
Chris S
- 78,455