Hi,

I'm not much related with security, certificates and authentication, but if anyone can gather our server certificate this way:

    echo | openssl s_client -connect ${MY_SERVER}:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mycert.pem

How can we avoid a possible hacked DNS server that makes a domain name point to a specific IP and the certificate has been planted in that server IP, and that server is malicious?

Maybe I'm missing some of the security theory, but if we can use a fake DNS that resolves a name as we want and also we can gather that certificate to be installed in the fake server, how can we resolve this or what precautions do we need to take for this? Is it a kind of private certificate that we can share?

Best regards,
--
If you want freedom, compile the source.
Sebastián Treu
http://labombiya.com.ar
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org