On Sat, 29 Aug 2020 at 09:05, Darryl Philip Baker <darryl.ba...@northwestern.edu> wrote:
> I will argue that you can use self-signed certificates in production if
> and only if you own and fully control both servers engaged in the transaction
> as well as all of the connection fabric between the servers. If these
> conditions are true and someone can execute a man-in-the-middle attack, I will
> assert that your environment is already so compromised the attack is
> almost meaningless. On the other hand, using a self-signed certificate with
> an expiry of greater than 398 days in a situation such as this means that you
> can free up people's time to do other work rather than maintaining a hidden
> certificate. And setting up automation to renew said certificate, such as
> this, adds an increased level of complexity as well as an additional point
> of failure to the equation.
>
>
> Darryl Baker, GSEC (he/him/his)
> Sr. System Administrator
> (...)

It all depends on the size of your environment and how you use Tomcat. Having over 30 servers and thousands of users, self-signed certificates cannot just be a solution. You have to have each self-signed certificate on each client accessing the environment to override the security warning message (in fact, I am not sure it will even go away). Telling your users to ignore the warning is just not the thing to do, since next time they see the message in another context they may just accept the insecure connection.

And with over 30 servers, automation makes sense for me. Even for people without the expertise, the Let's Encrypt Certificate Authority provides short-lived certificates that are replaced automatically, and it works fine. Getting a properly signed certificate these days is not the hassle it was; in fact it may just be easier than issuing a self-signed certificate.
Anyway, it is up to you to decide what you want, and if your question is finally just about what RedHat is doing with that file, you may be better served on a RedHat discussion list, since it ends up being a RedHat-only question having nothing to do with Tomcat itself. From the Tomcat point of view, you can only copy the file somewhere else where the RedHat scripts and update procedures will not touch it, and let Tomcat know where it is.

Regards,
-----------------
Daniel Savard
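The last point above (copy the certificate to a location the distribution scripts will not touch and point Tomcat at it) combined with the Let's Encrypt automation mentioned earlier, as an added example that is not part of the thread or of Tomcat's own documentation. It assumes certbot's default file names (cert.pem, chain.pem, privkey.pem) in a source directory such as /etc/letsencrypt/live/<host>, and a hypothetical destination directory such as /opt/tomcat/conf/certs owned by the Tomcat user; the port and thread count in the emitted Connector are placeholders.

```shell
#!/bin/sh
# Added example for the Tomcat mailing-list thread above; not project code.
# Copies a (renewed) PEM certificate, chain and private key from a certbot-style
# directory into a directory outside the distribution's managed paths, with
# restrictive permissions, and prints the Tomcat Connector stanza that points
# at the copied files. Intended to run as a certbot --deploy-hook, or by hand.

# install_tomcat_cert SRC_DIR DST_DIR
#   SRC_DIR: e.g. /etc/letsencrypt/live/example.org  (assumed path)
#   DST_DIR: e.g. /opt/tomcat/conf/certs             (assumed path)
install_tomcat_cert() {
    src_dir="$1"
    dst_dir="$2"
    [ -n "$src_dir" ] && [ -n "$dst_dir" ] || { echo "usage: install_tomcat_cert SRC_DIR DST_DIR" >&2; return 1; }

    # Refuse to install partial material: all three files must exist and
    # carry the expected PEM headers, so a half-renewed directory is not deployed.
    for f in cert.pem chain.pem; do
        [ -f "$src_dir/$f" ] || { echo "missing $src_dir/$f" >&2; return 1; }
        grep -q 'BEGIN CERTIFICATE-----' "$src_dir/$f" || { echo "$src_dir/$f is not a PEM certificate" >&2; return 1; }
    done
    [ -f "$src_dir/privkey.pem" ] || { echo "missing $src_dir/privkey.pem" >&2; return 1; }
    grep -q 'PRIVATE KEY-----' "$src_dir/privkey.pem" || { echo "$src_dir/privkey.pem is not a PEM private key" >&2; return 1; }

    mkdir -p "$dst_dir" || return 1
    # Public material is world-readable; the key is created 0600 from the start
    # (umask in a subshell) so there is no window where it is readable by others.
    cp "$src_dir/cert.pem" "$dst_dir/cert.pem" && chmod 644 "$dst_dir/cert.pem" || return 1
    cp "$src_dir/chain.pem" "$dst_dir/chain.pem" && chmod 644 "$dst_dir/chain.pem" || return 1
    ( umask 077 && cp "$src_dir/privkey.pem" "$dst_dir/privkey.pem.tmp" ) || return 1
    mv "$dst_dir/privkey.pem.tmp" "$dst_dir/privkey.pem" && chmod 600 "$dst_dir/privkey.pem" || return 1
}

# cert_matches_key CERT_FILE KEY_FILE
#   Optional sanity check that the deployed certificate and key belong together
#   (compares the public keys). Needs openssl; returns 2 if it is not installed.
cert_matches_key() {
    command -v openssl >/dev/null 2>&1 || return 2
    cert_pub=$(openssl x509 -noout -pubkey -in "$1") || return 1
    key_pub=$(openssl pkey -pubout -in "$2") || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# tomcat_connector_xml DST_DIR
#   Prints the server.xml Connector that references the copied PEM files.
#   Tomcat 8.5+/9 reads PEM directly via certificateFile/certificateChainFile/
#   certificateKeyFile; no keystore conversion is needed. Port/threads are placeholders.
tomcat_connector_xml() {
    dst_dir="$1"
    cat <<EOF
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" maxThreads="150">
    <SSLHostConfig>
        <Certificate certificateFile="$dst_dir/cert.pem"
                     certificateChainFile="$dst_dir/chain.pem"
                     certificateKeyFile="$dst_dir/privkey.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
EOF
}

# Stand-alone use: install_tomcat_cert SRC DST && tomcat_connector_xml DST
# As a certbot hook (assumed invocation):
#   certbot renew --deploy-hook '/usr/local/sbin/install-tomcat-cert.sh "$RENEWED_LINEAGE" /opt/tomcat/conf/certs && systemctl restart tomcat'
if [ "${1:-}" = "--run" ] && [ $# -eq 3 ]; then
    install_tomcat_cert "$2" "$3" && tomcat_connector_xml "$3"
fi
```

Tomcat only reads the files at startup (or on a Connector reload), so the renewal hook still has to restart or reload Tomcat after the copy; what the script buys you is that a distribution update rewriting its own certificate paths no longer affects what Tomcat serves.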