Is An SSL Certificate Required for Secure Encryption

StackOverflow https://stackoverflow.com/questions/21481659

Question

I can't find the answer to this question online:

I have set an apache server with mod_ssl, using the guide at the bottom here:

https://help.ubuntu.com/10.04/serverguide/httpd.html

I am only using this privately to login to PHPMyAdmin and other control panels.

Using only SSL, is my connection securely encrypted, so logins are not passed as plain text? Or do I need a self-signed certificate?

Google Chrome says there is a certificate, but that it does not match the URL and that it is not trusted.

Was it helpful?

Solution

That tutorial says:

The default HTTPS configuration will use a certificate and key generated by the ssl-cert package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server.

This means, that's there's a default certificate involved. You should generate your own certificate for personal use and look for nasty things when it changes during your connections. You can do that with tools like OpenSSL. If you want to secure a public site, you would need to buy a certificate from a respected authority, so plain users wouldn't be bothered to add the certificate to their browsers and they would also not track if that thing changes.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top