
How best to handle the issue of security warnings for a website using certificat

ID: 656015 • Letter: H

Question

How best to handle the issue of security warnings for a website using certificates from its own CA (i.e., self-signed)?

I am somewhat torn on how to do this - I have a number of implementation thoughts.

On the one hand, I can redirect any incoming http request to an https landing page that explains the need for a one-time exception or to install a "trusted" root cert and provide a button to continue to the requested page as https.

However, that seems a bit hokey. My other thought was just to have a security icon of some type on all the web pages, clicking on that would give more or less the same info and suggest the user in the future use https for connection.

There is no e-commerce involved so https is not critical in that sense. Though I personally would prefer to only offer secure connections, I now think it might be better to leave it up to the end user to decide. Either way, I felt it better to explain the dire unsafe certificate warning before any redirections.

Would like your thoughts on this, I'm sure some have gone through this already.

Explanation / Answer

If this is a publicly accessible website, then use a certificate signed by a recognised CA. Downloading a random certificate distributed from the HTTP or the self-signed HTTPS site is highly insecure. You are not only compromising the security of your website but also potentially the security of unsuspecting users who installed your root certificate.

Self-signed certificates are only useful in a closed system where you have a secure secondary channel to distribute your certificate, where your users can validate with certainty that the certificate that they are about to install actually belongs to your site. The root certificate itself is a public key and is not considered a secret for HTTPS security, but if you distribute your root certificate through an insecure channel, your users have no way to know for sure that the downloadable certificate on your unencrypted site actually belongs to the same site as the encrypted site, or whether their or your HTTP/self-signed HTTPS connection might have already been MITM-ed and the attacker has replaced your root certificate with the attacker's own root certificate. If the attacker managed to convince your user to install this spoofed root certificate, thinking it was from you, they can now MITM the HTTPS connection that your user thought was a secure connection to your site, without any browser warnings.

In short, use a recognised CA. Or distribute your certificate in such a way that your users can validate that it really is yours.

If you need HTTPS, there is really no reason not to get a certificate from a recognized CA. Some CAs, e.g. StartSSL, now provide basic validation certificates for free for personal sites (unless you are handling potentially illegal materials, which is another matter altogether).
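The validation step the answer asks for, as an added example that is not part of the original answer: before a root certificate is installed, its SHA-256 fingerprint is compared with the value received over the secure secondary channel, so a certificate swapped in transit is rejected. The function names are hypothetical, and the two "certificates" are constructed byte strings standing in for real DER-encoded X.509 data.

```python
import hashlib
import hmac
import ssl


def cert_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes of a PEM certificate, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_text)  # raises ValueError if not PEM
    return hashlib.sha256(der).hexdigest()


def normalise(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    cleaned = "".join(c for c in fp if c not in ": \t\n").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def safe_to_install(downloaded_pem: str, out_of_band_fp: str) -> bool:
    """True only if the downloaded root matches the fingerprint that was
    handed over through the secondary channel (paper, in person, phone)."""
    return hmac.compare_digest(cert_fingerprint(downloaded_pem),
                               normalise(out_of_band_fp))


# Constructed sample data: placeholder bytes, not real certificates.
GENUINE_DER = b"constructed stand-in for the site's own root certificate"
SWAPPED_DER = b"constructed stand-in for a root substituted in transit"
GENUINE_PEM = ssl.DER_cert_to_PEM_cert(GENUINE_DER)
SWAPPED_PEM = ssl.DER_cert_to_PEM_cert(SWAPPED_DER)


def printed_fingerprint() -> str:
    """The value the site owner distributes out of band, in the usual
    colon-separated upper-case form."""
    digest = hashlib.sha256(GENUINE_DER).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


if __name__ == "__main__":
    fp = printed_fingerprint()
    print("genuine download accepted:", safe_to_install(GENUINE_PEM, fp))
    print("swapped download accepted:", safe_to_install(SWAPPED_PEM, fp))
```

The check is only as strong as the channel the fingerprint travelled over: a fingerprint shown on the same HTTP or self-signed HTTPS page as the download can be replaced together with the certificate.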
