Self-signed certificate.
Jiang, Qinglin
qjiang at verisign.com
Wed Dec 7 11:43:24 EST 2005
I noticed that nessus doesn't produce a warning when there's a
self-signed ssl certificate.
Users will normally accept a self-signed certificate.
In terms of security I wouldn't say that's a secure practice because
it's subject to man-in-the-middle attack.
For personal use it seems to be OK but for commercial purposes, it's
bad.
Well it seems not a lot of people care about it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.nessus.org/pipermail/nessus/attachments/20051207/f8cc2d6b/attachment.html
More information about the Nessus
mailing list