What's the story with SSL & Let's Encrypt?

ssl
offtopic
letsencrypt

#1

Ever since my first seedbox, I’ve always been provided with an SSL certificate, whether that’s from the seedbox provider or through Let’s Encrypt.

My question is: why, if I use a self-signed cert, does Chrome have a bitch fit, but if I use Let’s Encrypt it’s all relaxed? Surely from the encryption perspective, a self-signed cert would be better because NOBODY would have access to the private key etc.

As for identity, if it’s because public certs verify identity in some way, then why is Let’s Encrypt able to get round this? I didn’t verify my identity to get the encryption.

I’m not complaining, I love not having to see that horrible WARNING, CLICK TO PROCEED warning in Chrome, I’m just genuinely curious how the industry got to this point.


#2

It’s due to the self-signed certificates not being signed by a verified issuer/authority. Essentially, it’s a browser courtesy notice that the certificate is not valid and could potentially be signed from a nefarious source, wherein they can man-in-the-middle your data. Obviously this isn’t the case with the self-signed certificates created from Apache/OpenSSL within the QuickBox installs.


#3

Is this what the whole certificate authority is about?

I’m assuming you mean:
Site provides cert
Client reads the authority, gives the key (or something like that) to Let’s Encrypt
Let’s Encrypt confirms it’s the correct server
Green padlock?

Or is it some other way of preventing man in the middle?


#4

Well, it’s not saying a man-in-the-middle will happen. This can happen with a valid certificate as well. It’s more known to happen with fake implementations of self-signed certificates on compromised servers and/or connections of said servers.

Pretty much it!
Without a valid authority signing the certificates, you’ll get these warnings.
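
An added example, not part of the thread or of QuickBox: it creates a throwaway root CA standing in for a public authority and shows `openssl verify` accepting or rejecting a certificate by checking its signature chain against a local trust store. The CA name, the host name `box.example.test` and all file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every key, name and certificate here is generated locally.
WORK=$(mktemp -d)

# Self-signed certificate: issuer and subject are the same key pair.
make_self_signed() {   # $1 = file prefix, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Certificate for common name $2, signed by the CA whose files start with $3.
make_ca_signed() {     # $1 = file prefix, $2 = common name, $3 = CA prefix
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
        -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

# Prints "trusted" if certificate $2 chains to a root in trust store $1.
# The check is local: nothing is sent to the issuer.
verdict() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

make_self_signed "$WORK/ca" "Demo Root CA"          # stands in for a public CA
make_self_signed "$WORK/self" "box.example.test"    # self-signed server cert
make_ca_signed "$WORK/issued" "box.example.test" "$WORK/ca"

echo "CA-issued cert, store holds the CA:    $(verdict "$WORK/ca.crt" "$WORK/issued.crt")"
echo "self-signed cert, store holds the CA:  $(verdict "$WORK/ca.crt" "$WORK/self.crt")"
echo "self-signed cert, store holds itself:  $(verdict "$WORK/self.crt" "$WORK/self.crt")"
```

All three certificates use the same RSA-2048 key type; the only thing that changes the verdict is whether the issuer is in the trust store.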


#5

You’re always so helpful! How are the tweaks to the dashboard coming along? Anything new for me to try and break my box with today?


#6

Haha! You would ask that, wouldn’t you! :stuck_out_tongue:

I should have a few things available for breaking later today. :slight_smile: