Hi,

A certificate is not secret information itself. It may be distributed over a LAN or the Internet freely. A certificate doesn't contain a private key. A certificate cannot be stolen.

Every certificate has a special field inside it: the fingerprint. This field contains an SHA-1 or MD5 digest value, which must be unique. You could use this fingerprint to decide whether a certificate is trusted or not.

Good luck!

On 14.04.2014 13:44, user "drkmkzs" <drkm...@gmail.com> wrote:
> Hello
>
> I have some generic questions about usage of OpenSSL for HTTPS; I'm not
> into security, and I don't know OpenSSL very well, so maybe my questions
> will appear a little noob, sorry if they do.
>
> Just for info, I'm developing a client app that has to interact with a
> server. I'm on Linux and Windows, in C++, using libneon.
>
> I have to talk to a server using a self-signed certificate (server
> and clients will be in a LAN, not over the Internet). I know how to check in my
> app whether the certificate is valid or not; as it is self-signed and as I
> didn't configure anything special on the client side, it is not (not CA
> trusted).
>
> I plan to let users decide whether they want to trust it or not, allowing them
> to add an exception (exactly as browsers do).
> - My first question is: is it safe to store the server certificate on the
> client side, in order to compare it? I guess it's not, since it could be
> stolen from the client side?
>
> A solution would be to store it as an MD5? Then at each connection, get the
> server certificate, compute the MD5 and compare?
>
> And if I decided to declare that certificate as safe, I'd have to put the
> server certificate as CA certified on the client installation, as in the link
> http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl ?
> But in that way too it could be stolen from the client side, am I wrong?
>
> Hope my questions are clear,
>
> Thanx in advance for help :)
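The fingerprint-comparison scheme discussed in this thread (store a digest of the server's certificate on the client, recompute it on every connection, and let the user add an exception the first time) is shown below as an added example; it is not code from the reply, from the original poster or from OpenSSL/libneon. A fingerprint is the digest of the certificate's DER encoding, which is what `openssl x509 -noout -fingerprint` prints, so the example decodes the PEM body, hashes it and compares against a pinned value in constant time. The `PinStore` class, the `server.lan` host name and the `SAMPLE_DER` bytes are constructed for the example; `SAMPLE_DER` is a placeholder byte string, not a real certificate.

```python
import base64
import hashlib
import hmac
import json
from pathlib import Path
from typing import Callable, Dict, Optional

# Constructed sample: NOT a real certificate. These bytes stand in for the
# DER encoding that a real PEM file carries between the BEGIN/END markers.
SAMPLE_DER = b"constructed-stand-in-for-DER-encoded-certificate-bytes"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate block in a PEM string."""
    lines = pem.strip().splitlines()
    try:
        start = lines.index("-----BEGIN CERTIFICATE-----")
        end = lines.index("-----END CERTIFICATE-----", start)
    except ValueError:
        raise ValueError("no PEM certificate block found") from None
    body = "".join(line.strip() for line in lines[start + 1:end])
    return base64.b64decode(body, validate=True)


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Digest of the DER encoding, rendered as colon-separated upper-case hex
    (the same layout `openssl x509 -fingerprint` prints).

    MD5 is deliberately not offered: collisions are practical, so two different
    certificates could share an MD5 fingerprint. SHA-256 is the sensible default.
    """
    if algo not in ("sha256", "sha1"):
        raise ValueError("algo must be 'sha256' (preferred) or 'sha1'")
    hexdigest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


class PinStore:
    """Trust-on-first-use store mapping host -> pinned fingerprint, the client-side
    equivalent of a browser's 'add exception'. Optionally persisted as JSON.

    Only fingerprints are stored, never private keys, so a copied store gives an
    attacker nothing to impersonate the server with.
    """

    def __init__(self, path: Optional[Path] = None) -> None:
        self.path = path
        self.pins: Dict[str, str] = {}
        if path is not None and path.exists():
            self.pins = json.loads(path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, host: str, der: bytes,
              approve: Callable[[str, str], bool] = lambda host, fp: False) -> bool:
        """Return True if the presented certificate should be trusted for host.

        `approve(host, fingerprint)` is the user prompt; by default it declines,
        so an unknown host is never pinned silently.
        """
        presented = fingerprint(der)
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact: pin only if the user explicitly accepts this fingerprint.
            if approve(host, presented):
                self.pins[host] = presented
                self._save()
                return True
            return False
        # Known host: constant-time comparison. A mismatch (legitimate rotation or
        # an interposed certificate) is reported as untrusted rather than re-pinned;
        # the user must remove the old pin and approve the new one deliberately.
        return hmac.compare_digest(pinned, presented)


if __name__ == "__main__":
    store = PinStore()
    der = pem_to_der(SAMPLE_PEM)
    print("fingerprint:", fingerprint(der))
    print("first connection, user declines:", store.check("server.lan", der))
    print("first connection, user approves:",
          store.check("server.lan", der, approve=lambda h, fp: True))
    print("later connection, same certificate:", store.check("server.lan", der))
    print("later connection, different certificate:",
          store.check("server.lan", der + b"tampered"))
```

In the real client the DER bytes come from the TLS layer after the handshake (libneon hands the peer certificate to the verification callback); the pinned value for a known-good server can be read off out of band with `openssl x509 -in server.pem -noout -fingerprint -sha256` and compared to what the client shows the user before they approve.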