this post was submitted on 03 Aug 2023
427 points (98.0% liked)

Ask Lemmy

26890 readers
1925 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics. If you need to do this, try [email protected]


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected]. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (1 children)

I think it was a self signed SSL.

Not all SSLs are domain specific. There's wildcard domains (used for subdomains or related domains), and self signed domains, and probably more.

Think like... A liquor store in the middle of nowhere that transmits CC data via internet. They have a SSL. They don't necessarily even have a registered domain.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Self-signed certs are not viable for general use because they’ll generate a browser warning that “Joes Liquor Co is not a trusted Certificate Authority” that will scare off 99% of users. And wildcard certs still need at least one specific domain, e.g. *.joesliquor.com. The only way I can imagine this working is if the vendor was handing out separate servers on client.vendor.com and giving each of them the same SSL cert for *.vendor.com.

[–] [email protected] 2 points 1 year ago

We would do the implementations. It would include Tomcat, IIS, and an out of date version of Internet Explorer. Beyond that, I'm not sure how they were getting by the warnings. All I can tell you is we were issuing one SSL certificate to multiple clients, and that SSL cert lived on our FTP server which had a very weak password.