Hmm, good point… you would need the CA to sign off on it; self-signed doesn’t work… it’s just a file though, right? Couldn’t you rip it from the real server?
it’s just a file though, right? Couldn’t you rip it from the real server?
No, that’s not how TLS works. The certificate is not exposed to the internet unless the admins of the webserver are extremely incompetent. That would defeat the entire purpose: not only could you impersonate the server, but the encryption would also be futile, since anyone would have access to the private key.
Oh, so it is like a 3-way handshake every time then