Include a certificate


#1

Hi,
Question out of scope let’s Encrypt
Is the self-signed certificate can be used elsewhere in the domain that is created by the or there is a way to make it work only in the specified range
I have set up a self-signed , well-functioning certificate, but if one reaches the certificate, it will not be useful
Please kindly respond to my question


#2

can i help my pleas,


#3

I’m not sure I entirely understand your question. Self-signed certificates will not be seen as “valid” by browsers, and you’ll receive the security warnings that make it “not useful” as you say.

Let’s Encrypt does not issue self-signed certificates. Let’s Encrypt issues publicly trusted certificates that are valid for a specific list of domain names. When you request a certificate, your client must perform some form of validation to prove that you control the domain names you are asking to be included on the certificate.


#4

With public certs, the CA that creates them is already trusted by all browsers.
For self-signed certs to be as “useful”, all end-users must manually trust them (or trust the private CA that created them, if a CA was used).


#5

This might be the use case that @mohammed_max is thinking of.

Some organizations like big companies may have an internal CA which issues certificates for the company’s internal servers. If the company controls the employees’ computers, it can pre-install the certificate of the internal CA on the employees’ computers as part of the trusted CA list. Then those computers will accept those certificates as trusted, even though computers outside of the organization wouldn’t. However, this may not matter to the company because it may only intend for the services to be accessed by employees and only using official work computers.

If the organization that issued the certificates doesn’t control the computers where they’re supposed to be used, there is no way to get this to work, which is often called a trust bootstrapping problem. Similarly, your self-signed certificates can never be trusted automatically by computers that you don’t control, which is an intentional feature of web browsers’ design!


#6

That is exactly what I meant
But the question is that I create a self-signed certificate that combines a specific domain and works well. Can the company’s equipment be possible if you get someone who does not have the authority to certify?
I am under threat of detecting traffic and the domain will be unencrypted
I want to command or tools in openssl because I am setting up a certificate that does not work certificate only in Domini only
Knowing that I use the performance openssl
Can help


#7

Sorry, I didn’t understand your question! Could you try to rephrase it?


#8

Maybe writing the question in another language may help.


#9

I creation of a self-signed certificate it is working now
Does anyone have a certificate? Will he work for him or does it work only for me?
I ask if the certificate is self-signed and can be used by someone else in his domain or his Browser
Thank you


#10

No, the self-signed certificate can be used only by browsers that have previously explicitly accepted it. That’s the most important difference between a self-signed certificate and a publicly-trusted certificate.


#11

thanks @schoen choen in this info


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.