Comment article (Score 1) 374
if you speak german, there is an interesting article about the consequences of giving a certificate without authenticating the requesting person: http://www.heise.de/newsticker/meldung/56750/
basically they say - since "starcom.org" gives ssl certs even for 3rd party websites - any user installing their CA certificate is vulnerable to man-in-the-middle attacks. this could be interesting for pishing websites; with this kind of certificates they would look even more authentic to the victims.
therefore - if you don't want to spend the money for a versign/thawte/...cert,- i see no point in _not_ using a (openssl) self signed cert
basically they say - since "starcom.org" gives ssl certs even for 3rd party websites - any user installing their CA certificate is vulnerable to man-in-the-middle attacks. this could be interesting for pishing websites; with this kind of certificates they would look even more authentic to the victims.
therefore - if you don't want to spend the money for a versign/thawte/...cert,- i see no point in _not_ using a (openssl) self signed cert
