Differences

This shows you the differences between two versions of the page.

ssl [2021/11/16 06:09]
62.210.143.10 old revision restored (2017/03/18 15:12)
ssl [2021/12/24 18:19] (current)
154.54.249.196 old revision restored (2017/03/18 15:19)
Line 14: Line 14:
 {{:pasted:20170318-024757.png}} {{:pasted:20170318-024757.png}}
  
-At first glance this looks like we have a serious security problem. Is someone snooping on our communications? Do we actually have a good certificate and keys? Is Photonic3d a typical browser trusted Root CA? Is our communications really encrypted? Let's dig in a bit deeper to see if we can answer these questions and try to determine what our browser is really trying to tell us.+At first glance this looks like we have a serious security problem. Is someone snooping on our communications? Does Photonic3D actually use a good certificate and keys? Is Photonic3d a typical browser trusted Root CA? Is our communications really encrypted? Let's dig in a bit deeper to see if we can answer these questions and try to determine what our browser is really trying to tell us.
  
 **Is Photonic3d a typical browser trusted Root CA?** **Is Photonic3d a typical browser trusted Root CA?**
-Yes. The most important "clue" is the error that Chrome is reporting: ERR_CERT_AUTHORITY_INVALID. This error pretty much sums up everything that I mentioned previously. The error basically says someone just created a certificate and it doesn't believe the person that created the certificate has any authority to determine the identity of the certificate. Well it's right. Photonic3D created it's own certificate and since you didn't pay a root certificate authority to validate your phone number and your address, your browser doesn't trust your certificate. Browsers only trust authorities that have had their identity verified.+No. The most important "clue" is the error that Chrome is reporting: ERR_CERT_AUTHORITY_INVALID. This error pretty much sums up everything that I mentioned previously. The error basically says someone just created a certificate and it doesn't believe the person that created the certificate has any authority to determine the identity of the certificate. Well it's right. Photonic3D created it's own certificate and since you didn't pay a root certificate authority to validate your phone number and your address, your browser doesn't trust your certificate. Browsers only trust authorities that have had their identity verified.
    
 **Is someone snooping on our communications?** **Is someone snooping on our communications?**
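Review bot: The rewording from "Do we actually have" to "Does Photonic3D actually use" in the first changed paragraph is not carried through the rest of the added text, which still says "Is our communications really encrypted?" and, in the answer line, "since you didn't pay a root certificate authority ... your browser doesn't trust your certificate" right after "Photonic3D created it's own certificate". Decide whether the certificate is described as Photonic3D's or the reader's and use that consistently. While touching these lines, "it's own" should be "its own", "Is our communications" should be "Are our communications", and the product name appears as both "Photonic3D" and "Photonic3d" in the same paragraph. The change of the answer from "Yes." to "No." does agree with the ERR_CERT_AUTHORITY_INVALID explanation that follows it.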
Line 37: Line 37:
 {{:pasted:20170318-135427.png}} {{:pasted:20170318-135427.png}}
  
-They are the same hash. Perfect, that means there aren't any intruders peeking into our communications. Now it's still possible that someone can logon to your box and steal your private key and cert, so you still need to have proper security measures in place to ensure that doesn't happen. This is why we ask you to change your ssh password when you perform an install of Photonic3D.+They are the same hash. Perfect, that means there aren't any intruders peeking into our communications. Now it's still possible that someone can logon to your box and steal your private key and cert, so you still need to have proper security measures in place to ensure that doesn't happen. This is why the Photonic Client ssh password when you perform an install of Photonic3D.
  
-**Do we actually have a good certificate and keys?** +**Does Photonic3D actually use a good certificate and keys?**
-**Is our communications really encrypted?**+
  
-Yes and Yes. Just trust your browser to tell you how strong the certificate is and if the connection is encrypted. Notice the paragraph:+Yes
 + 
 +**Is our communications really encrypted?**  
 +And Yes. Just trust your browser to tell you how strong the certificate is and if the connection is encrypted. Notice the paragraph:
  
 `The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).` `The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).`
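Review bot: The added sentence "This is why the Photonic Client ssh password when you perform an install of Photonic3D." has no verb, so it no longer says what happens to the password. The removed wording was "This is why we ask you to change your ssh password"; the replacement should keep that action explicit and say who performs it. Separating the two questions also leaves the answers as the fragments "Yes" (no period) and "And Yes."; each question should get a self-contained answer, and the sentence about trusting the browser's report now sits only under the encryption question even though it also speaks to certificate strength.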