Validate Server Certificate recommendation

Unanswered Question
Nov 5th, 2007
User Badges:

I understand that it is probably recommended from a security standpoint to ensure "validate server certificate" is checked on each client and that either a self-signed or Trusted CA (Verisign) certificate be employed.

Can someone give me an example of security risks when validation is not enabled?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
andrew.brazier@... Tue, 11/06/2007 - 08:16
User Badges:
  • Bronze, 100 points or more

You're vulnerable to man-in-the middle attacks as your clients aren't validating that the server is who it says it is.


This Discussion



Trending Topics - Security & Network