On Fri, Sep 11, 2009 at 02:24:40PM +0700, Zaki Akhmad wrote:
> On Fri, Sep 11, 2009 at 2:01 PM, Kevin Ross <ke...@familyross.net> wrote:
>
> > You (or your clients) will need to manually install the certificate on any
> > machine that they use to connect to your server. If they don't, and just
> > choose to ignore the warnings, then what is the point of using a
> > certificate? However, if manually installing certificates on client
> > machines isn't a problem, then there's no reason to shell out money for a
> > commercial certificate (which can be as little as $30 a year).
>
> Yup, the clients should install certificate manually.
>
> The point of using certificate is that the server and the client using
> encrypted protocol instead of unencrypted protocol. So that the
> password won't be sent on plain-text format. I want to make, the
> protocol is secure.
>
> (CMIIW).
>

The benefit of the certificate is two-fold.

1) It encrypts traffic
2) It identifies the server

Kevin was pointing out to you that benefit #2 would be lost if your clients do not manually install the certificates and blindly accept the certificate presented to them on first connection. This opens you up to a man-in-the-middle attack, however unlikely that might be.

-Rob
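
The difference between the two benefits discussed above, as an added example that is not part of the original thread: a client that only encrypts accepts any certificate, while a client that also identifies the server compares the presented certificate with one obtained out of band. It uses a SHA-256 fingerprint comparison as a stand-in for installing the certificate in the client's trust store; all function names are hypothetical and the sample bytes are constructed, not real certificates.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pinned: str) -> bool:
    """True only if the presented certificate is the one recorded out of band."""
    expected = pinned.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), expected)


def blind_context() -> ssl.SSLContext:
    """Benefit 1 only: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def connect_pinned(host: str, port: int, pinned: str) -> str:
    """Benefits 1 and 2: encrypt, then refuse to proceed unless the server
    presents the expected certificate. Returns the negotiated TLS version."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with blind_context().wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if der is None or not matches_pin(der, pinned):
                raise ssl.SSLError("server certificate does not match the pin")
            return tls.version()  # credentials would be sent only past this point


# Constructed sample bytes standing in for DER certificates (not real certs).
SERVER_CERT = b"constructed-der-bytes-of-the-real-server-cert"
INTERCEPTOR_CERT = b"constructed-der-bytes-of-some-other-cert"
PINNED = fingerprint(SERVER_CERT)  # recorded when the cert was handed over

if __name__ == "__main__":
    print("real server accepted:", matches_pin(SERVER_CERT, PINNED))
    print("other cert accepted: ", matches_pin(INTERCEPTOR_CERT, PINNED))
```

With `blind_context()` alone, both certificates would complete the handshake; the comparison in `connect_pinned` is what restores the identification step.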