Lance Fisher
Reputation: 25813
Should I use self-signed certificates in general? For SVN in particular?
How secure is it to use self-signed certificates? As far as I understand it, an attacker could pretend to be my server if I don't have a certificate from an authority. Is this much of a risk?
Should I buy a certificate for Subversion?
Upvotes: 4
Views: 811
Answers (1)
Mykroft
Reputation: 13435
There's no real harm in using self signed certs for in house projects as long as everyone is aware. From a security standpoint you may want to distribute the cert to your users so that they can ensure it's valid when they make the initial connection. There's no reason to pay for a cert in this case. A self signed cert provides the same level of cryptographic protection as a paid cert it just isn't automatically trusted by the client program.
Upvotes: 8
Related Questions
- When is it acceptable to use self-sign cert in production?
- Is it actually safer to use self signed certificate than trusted certificate in the case of custom client software?
- Should I commit self-signed certificates to source control?
- Understanding SSL: Self-signed vs Certified
- About Self-Signed SSL
- ignore self-signed, expired ssl certificate in tortoise svn
- VisualSVN Server self-signed certificate
- Coda SVN with self signed SSL
- Using a cert with svn
- Setting up SVN - Web based services VS your own SVN server