encryption - Is SSL with server certificate and client password possible?


Based on this answer: https://stackoverflow.com/a/3107645/1559672, it's possible to set up an SSL connection without user verification.

I think the answer to the question is yes, but I can't find anything to confirm/reject it.

The idea is that the server has a certificate that the client can verify via a CA. The client generates a secret and encrypts it with the server's public key. Based on the shared secret, they generate 'key material' for encryption/decryption. After they have a secured connection, the client can be verified by username/password.

Is this possible? If yes, please show me an example or proof. If not, why not?

The reason for the confusion is the RabbitMQ doc: rabbitmq.com/ssl.html. The example code under "Connecting without validating certificates" doesn't define server certificates or the RootCAs to be accepted. (The RabbitMQ cert is self-signed.) I don't know how TLS is set up without that?

Encryption does not depend on certificates. And a self-signed certificate is still a valid certificate.

The purpose of certificates is to prove the identity of the remote peer. Can you be sure you're talking to the server you think you're talking to, and that the connection isn't being hijacked? This is ensured by the server presenting a certificate that only it can have (public/private key crypto validates this; only the server should have the private key to that certificate; trust/security here depends on the server keeping the private key to itself).

How do you trust the certificate? Well, you may have a copy of it in your trusted certificate store. This is what you'd do with a self-signed certificate: just put it in your trusted store; since you (presumably) know where it came from, it's trustworthy.
Since this is unrealistic for every public site on the web, public key infrastructure exists, which allows you to trust a limited, known number of certificate authorities that can sign the certificates of arbitrary unknown parties, and you can indirectly trust these heretofore unknown certificates.

Having said this, encryption is a separate component, and an encrypted, secured connection can be set up with or without the identity verification that certificates provide.
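The separation described in this answer, as an added Go example that is not part of the original post or of the RabbitMQ documentation: the same self-signed server is reached with no trust anchor, with its certificate pinned in `RootCAs`, and with verification switched off, and the password is sent only once the TLS channel is up. It assumes HTTPS with Basic auth on a local `httptest` server in place of AMQP; the `guest`/`guest` credentials and the names `startServer` and `login` are made up for the demo.

```go
package main

import (
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// startServer runs a local HTTPS server (httptest supplies a built-in self-signed
// certificate) that expects a password sent inside the TLS channel (demo values).
func startServer() (url string, roots *x509.CertPool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if !ok || u != "guest" || subtle.ConstantTimeCompare([]byte(p), []byte("guest")) != 1 {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
	roots = x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust the self-signed cert by pinning it
	return srv.URL, roots
}

// login performs the TLS handshake under cfg, then authenticates by password.
func login(url string, cfg *tls.Config, user, pass string) (int, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return 0, err
	}
	req.SetBasicAuth(user, pass)
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Do(req)
	if err != nil {
		return 0, err // certificate verification failures surface here
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	url, roots := startServer()
	fmt.Println(login(url, &tls.Config{}, "guest", "guest"))                         // rejected: no trust anchor
	fmt.Println(login(url, &tls.Config{RootCAs: roots}, "guest", "guest"))           // encrypted, server verified
	fmt.Println(login(url, &tls.Config{InsecureSkipVerify: true}, "guest", "guest")) // encrypted, peer unverified
	fmt.Println(login(url, &tls.Config{RootCAs: roots}, "guest", "wrong"))           // TLS fine, password refused
}
```

Both the `RootCAs` and the `InsecureSkipVerify` clients get an encrypted connection, but only the first knows which server receives the password.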

