Is it wrong to import a self-signed certificate into the "Trusted Root Certification Authorities" store?


Mona

I have created a self-signed certificate to sign my program. I noticed that the certificate is imported using:

certutil.exe -addstore root "Tmp.crt"

This makes UAC warnings "friendlier" (showing the publisher name without paying hundreds of dollars to a certificate authority).

My program is dedicated to a small group of people. Is it safe to create a prompt asking the user if they want to install the certificate into the Trusted Root Certification Authorities store? Assuming they trust the program enough to allow starting with administrative rights.

don't know

If they import and trust your self-signed certificate, they are explicitly asked to trust you.

If you use a code signing certificate from an "official" (=paid) certificate authority, they won't be asked to explicitly trust you, but they will implicitly trust your certificate through that certificate authority. They are never asked if they trust the permission, because the OS trusts it.

As a result, I don't see it being any less secure to trust your self-signed certificate than to rely on someone else's decision to trust a certificate authority's decision. The only downside is that it can upset users by asking them things they aren't usually asked.

You can increase security by having the program check the certificate it was signed with to make sure it was indeed signed by you.
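
The check suggested in the answer above, as an added example (not code from the original post): the program compares the SHA-256 fingerprint of the certificate that signed a file against a value pinned at build time. The function names and the all-zero pin are hypothetical placeholders, and using the SHA-256 fingerprint rather than another certificate property is a choice made for this example.

```powershell
# Added example: accept a file only if its Authenticode signature is valid
# AND the signer certificate is exactly the one we pinned.
# Get-CertSha256 / Test-PinnedSigner are hypothetical helper names.

function Get-CertSha256 {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Fingerprint = SHA-256 over the DER-encoded certificate, as upper-case hex.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        -join ($sha.ComputeHash($Cert.RawData) | ForEach-Object { $_.ToString('X2') })
    }
    finally { $sha.Dispose() }
}

function Test-PinnedSigner {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file hash matches the signature and the chain ends in
    # a root this machine trusts. NotSigned, HashMismatch, NotTrusted and
    # UnknownError (e.g. an untrusted root) are all rejected here.
    if ($sig.Status -ne 'Valid') { return $false }
    if ($null -eq $sig.SignerCertificate) { return $false }

    # The trust store only says "some trusted root vouches for this signer".
    # The pin narrows that to "this exact certificate".
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    return (Get-CertSha256 $sig.SignerCertificate) -eq $expected
}

# Usage: check the executable of the current process at startup.
# The pin below is a constructed placeholder (64 zeros), so this prints False;
# replace it with the fingerprint of your own signing certificate.
$pin  = '00' * 32
$self = [System.Diagnostics.Process]::GetCurrentProcess().MainModule.FileName
Test-PinnedSigner -Path $self -ExpectedSha256 $pin
```

The pin has to be rotated whenever the signing certificate is reissued.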
