Hi, I want to know the difference between a self-signed certificate and a certificate generated by a certification authority.

I can easily create a self-signed certificate for the domain xyz.com, so what is the difference between this certificate and the one generated by a CA?

Scenario

Suppose a site xyz.com is secured with a certificate issued to xyz.com and it can be accessed by the clients who have the certificate issued by the site.

I can also create a self-signed certificate for xyz.com, so how will my server take care of this fake certificate?

+1  A: 

The CA also does some verification that you are who you say you are, so they add an extra level of confidence when using a site. A self-signed cert may also not get a full 'padlock' in a client's browser.

Paddy
+5  A: 

The CA's certificate is already installed in your browser. When your browser encounters a certificate that claims to be signed by a certain CA, it can verify that it was indeed signed by that CA. The CA itself usually verifies your identity in some way or other before signing your certificate.

Your self-signed certificate is just signed by your own CA. No one verified that the certificate actually belongs to the person it claims to belong to. You can install your own CA into your browser. That way you won't get those annoying warning messages about the certificate. Other users usually won't have the CA installed and will still get the warning.

Martin Maciaszek
So suppose there is a secure service at xyz.com. If I create a self-signed dummy certificate issued to xyz.com, in this situation, can I expect that the server on which xyz.com is hosted will detect my certificate as an invalid one?
Ram
@Ram - The server doesn't care about the certificate; the client is the one who would care.
GalacticCowboy
Here is the Wiki page with more details about CAs and PKI http://en.wikipedia.org/wiki/Public_key_infrastructure
Matthew Whited
A: 

There's no difference between the certificates themselves. The important part is that the CA acts as a trusted third party. I.e. the client may not know who you are, but if they trust the CA, and the CA vouches for you, then they can trust you. It is not as much the certificate itself, but the chain of trust the CA provides.

Brian Rasmussen
A: 

And to complete the other answers, the operating system comes preinstalled with some root certificates from Microsoft or other trusted authorities. If your certificate is signed by one of those, then no warning will be shown. If a certificate is signed by a CA that the OS does not recognize, then it will display a warning.

AZ
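The behaviour the answers above describe (the verifier's own trust store decides, the client rather than the server does the checking, and a CA-signed and a self-signed certificate look alike until you try to chain them), as an added shell example that is not part of the original thread. It assumes the openssl CLI (1.1.1 or 3.x) is on PATH and a writable temp dir; the "Example Root CA" and the two xyz.com certificates are constructed on the fly.

```shell
#!/bin/sh
# Added example, not code from the original thread. Builds a throw-away PKI
# with the openssl CLI (assumed on PATH, 1.1.1 or 3.x) and shows that the
# verdict depends on the verifier's trust store, not on the certificate itself.
set -eu

# Quiet wrapper: the openssl key-generation chatter is noise here.
q() { "$@" >/dev/null 2>&1; }

# Creates ca.pem (the trusted third party), site.pem (xyz.com, signed by that
# CA) and fake.pem (xyz.com, self-signed) in a fresh temp dir; prints the dir.
# Real-world certs also need a subjectAltName; omitted here to keep the chain
# check the only thing under test.
make_pki() {
  dir=$(mktemp -d)
  cd "$dir"
  q openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
      -subj "/CN=Example Root CA" -days 365
  q openssl req -newkey rsa:2048 -nodes -keyout site.key -out site.csr \
      -subj "/CN=xyz.com"
  q openssl x509 -req -in site.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -out site.pem -days 365
  q openssl req -x509 -newkey rsa:2048 -nodes -keyout fake.key -out fake.pem \
      -subj "/CN=xyz.com" -days 365
  echo "$dir"
}

# What a client does: validate the chain against its own trust store ($1).
# Prints OK when $2 chains to a trusted root, FAIL otherwise.
verify_against() {
  if q openssl verify -CAfile "$1" "$2"; then echo OK; else echo FAIL; fi
}

# Issuer name: both certs claim subject xyz.com, but only one is vouched for
# by someone other than itself.
issuer_of() { openssl x509 -noout -issuer -in "$1"; }

main() {
  pki=$(make_pki)
  echo "site.pem: $(issuer_of "$pki/site.pem")"
  echo "fake.pem: $(issuer_of "$pki/fake.pem")"
  # A client that trusts only the CA: genuine cert accepted, look-alike rejected.
  echo "CA-signed vs CA store:    $(verify_against "$pki/ca.pem" "$pki/site.pem")"
  echo "self-signed vs CA store:  $(verify_against "$pki/ca.pem" "$pki/fake.pem")"
  # The same self-signed cert once "installed into the browser": now accepted.
  echo "self-signed vs own store: $(verify_against "$pki/fake.pem" "$pki/fake.pem")"
}
main
```

Nothing in the server's configuration changes between the three checks; only the verifier's trust store does, which is why the server in the question cannot "take care of" a look-alike certificate and the client has to.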