Web Hosting Talk

Self-signed SSL certs?


ik0n
08-05-2002, 05:49 AM
Would anybody know how to make your own SSL certs?

Ahmad
08-05-2002, 09:09 AM
I'm not sure how they are made; you will probably find a lot of information about them by using Google.

I just wanted to note that self-signed SSL certs will cause an error message to show up in the browser and are prone to man-in-the-middle attacks.

driverdave
08-05-2002, 05:32 PM
Originally posted by Ahmad
I just wanted to note that self-signed SSL certs will cause an error message to show up in the browser and are prone to man-in-the-middle attacks.

Are you saying that a self-signed cert is more prone to a "man in the middle" attack than a purchased cert? Please explain further.

Also, on a more general note, can anyone point me to a link to a documented case of a "man in the middle" attack? I can see this attack occurring if you have access to a router close to one of the ends, but a real "man in the middle" attack looks good in theory; I've never seen a documented case.

ntwaddel
08-05-2002, 05:37 PM
openssl genrsa -des3 -out domainname.key 1024

Creating a private key without file encryption:

openssl genrsa -out domainname.key 1024

openssl req -new -key domainname.key -out domainname.csr
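The three commands above stop at the CSR, which is what you would send to a CA. As an added example (not ntwaddel's commands and not part of the original thread), here is the whole sequence through to a self-signed certificate, with a check that the result really is self-signed. The hostname, output directory and config sections are made up for the example; it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example, not the poster's commands: key, CSR and a self-signed
# certificate for a made-up hostname, plus a check of the result.
# Assumes the openssl command-line tool is installed.
set -eu
HOST="${HOST:-www.example.test}"   # assumed hostname
OUT="${OUT:-./selfsigned}"         # assumed output directory

make_selfsigned() {
  mkdir -p "$OUT"
  # Minimal OpenSSL config: a non-interactive DN plus the extensions a server
  # certificate needs. Clients match the hostname against subjectAltName, so a
  # CN on its own is not enough.
  cat > "$OUT/req.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = $HOST
[ server ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$HOST
EOF
  # 1. Private key, unencrypted (the thread's second form) but 2048 bits:
  #    1024-bit RSA is no longer accepted by current browsers.
  openssl genrsa -out "$OUT/$HOST.key" 2048 2>/dev/null
  # 2. Certificate signing request for that key.
  openssl req -new -config "$OUT/req.cnf" -key "$OUT/$HOST.key" -out "$OUT/$HOST.csr"
  # 3. Sign the CSR with the same private key: that is what "self-signed" means.
  #    For a CA-issued certificate a CA does this step with its own key instead.
  openssl x509 -req -in "$OUT/$HOST.csr" -signkey "$OUT/$HOST.key" -days 365 -sha256 \
    -extfile "$OUT/req.cnf" -extensions server -out "$OUT/$HOST.crt" 2>/dev/null
}

# Returns 0 when the certificate is self-signed for $HOST with the key we made.
check_selfsigned() {
  crt="$OUT/$HOST.crt"
  subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject=//')
  iss=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer=//')
  [ "$subj" = "$iss" ] || return 1                                  # issuer == subject
  openssl x509 -in "$crt" -noout -text | grep -q "DNS:$HOST" || return 1
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$OUT/$HOST.key" -pubout)" ] || return 1    # same key pair
  # No trusted CA vouches for it, so a normal chain check must fail.
  if openssl verify "$crt" >/dev/null 2>&1; then return 1; fi
  return 0
}

if command -v openssl >/dev/null 2>&1; then
  make_selfsigned
  check_selfsigned && echo "wrote self-signed certificate $OUT/$HOST.crt"
fi
```

The final `openssl verify` failing is the expected outcome and is exactly what the browser warning reflects: the certificate is well formed and the key matches, but nothing the client already trusts has signed it. Point the web server at `$OUT/$HOST.key` and `$OUT/$HOST.crt`; if you want the passphrase-protected key from the first command in the post instead, add `-des3` to the genrsa line and expect to type the passphrase whenever the server starts.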

Studio64
08-05-2002, 07:21 PM
Was it OpenSSL or OpenSSH that had the security hole found in it recently?

S2 Web Design
08-05-2002, 07:31 PM
Originally posted by Studio64
Was it OpenSSL or OpenSSH that had the security hole found in it recently?
OpenSSL had the vulnerabilities recently:
http://www.cert.org/advisories/CA-2002-23.html

OpenSSH was trojaned recently:
http://www.cert.org/advisories/CA-2002-24.html

Ahmad
08-06-2002, 05:55 AM
Originally posted by driverdave
Are you saying that a self-signed cert is more prone to a "man in the middle" attack than a purchased cert? Please explain further.

Yes. I'm not sure which one of them, but either your public key or your IP address (or both) is stored in your certificate. This will make a man in the middle attack impossible, unless they can get their own certificate with their own public key/IP address in your name (which means that there is a big problem in the CA).

Originally posted by driverdave
Also, on a more general note, can anyone point me to a link to a documented case of a "man in the middle" attack? I can see this attack occurring if you have access to a router close to one of the ends, but a real "man in the middle" attack looks good in theory; I've never seen a documented case.

I don't currently have a link or anything, but a man-in-the-middle attack can be done anywhere there is a vulnerable DNS server. Say, for example, I hack into my ISP's DNS server and change the IP address for Amazon.com to point to my own server.

Then I can act as a man in the middle between Amazon and the client: anything he sends me I send to Amazon, and anything I get from Amazon I send back to him.
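What the certificate actually binds is the site's name to its public key, and the reason the DNS trick above fails against a CA-signed certificate is that the attacker cannot get a trusted CA's signature over their own key for that name. The following is an added example (not from any poster in this thread) that models the scenario with three made-up parties: a private CA that stands in for the browser's root store, the real site www.shop.test, and an attacker who has redirected DNS and presents a certificate of their own for the same name. The CA name, hostname, directory and config sections are all assumptions; it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example, not from the thread. Models the DNS-hijack man in the middle
# with three made-up parties: a CA the client trusts, the real site
# www.shop.test, and an attacker who has redirected DNS and presents a
# certificate of their own for that name. Assumes the openssl CLI is installed.
set -eu
D="${D:-./mitm-demo}"      # assumed working directory
SITE="www.shop.test"       # assumed hostname

setup() {
  mkdir -p "$D"
  cat > "$D/demo.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ leaf_ext ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$SITE
EOF
  # The trusted CA (stands in for the browser's root store).
  openssl req -x509 -config "$D/demo.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -sha256 -days 365 -subj "/CN=Demo Root CA" -keyout "$D/ca.key" -out "$D/ca.crt" 2>/dev/null
  # The real site: its own key and CSR, signed by the CA. A real CA would
  # first check that the requester controls the name.
  openssl req -new -config "$D/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=$SITE" \
    -keyout "$D/site.key" -out "$D/site.csr" 2>/dev/null
  openssl x509 -req -in "$D/site.csr" -CA "$D/ca.crt" -CAkey "$D/ca.key" -CAcreateserial \
    -days 365 -sha256 -extfile "$D/demo.cnf" -extensions leaf_ext -out "$D/site.crt" 2>/dev/null
  # The attacker: same name, same extensions, but without the CA's key the
  # only signature available is their own, i.e. a self-signed certificate.
  openssl req -new -config "$D/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=$SITE" \
    -keyout "$D/evil.key" -out "$D/evil.csr" 2>/dev/null
  openssl x509 -req -in "$D/evil.csr" -signkey "$D/evil.key" \
    -days 365 -sha256 -extfile "$D/demo.cnf" -extensions leaf_ext -out "$D/evil.crt" 2>/dev/null
}

# A client that trusts the CA: the presented certificate must chain to the CA
# and carry the hostname it connected to. Returns 0 to accept, 1 to reject.
ca_client_accepts() {
  openssl verify -CAfile "$D/ca.crt" -verify_hostname "$SITE" "$1" >/dev/null 2>&1
}

# A client of a self-signed site has no CA to ask. All it can do is compare
# the certificate fingerprint with one it stored on an earlier visit (trust on
# first use); on the first visit it cannot tell the two certificates apart.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
pinned_client_accepts() {   # $1 = stored fingerprint, $2 = presented cert
  [ "$1" = "$(fingerprint "$2")" ]
}

if command -v openssl >/dev/null 2>&1; then
  setup
  ca_client_accepts "$D/site.crt" && echo "CA client: real site accepted"
  ca_client_accepts "$D/evil.crt" || echo "CA client: attacker's cert rejected"
  PIN=$(fingerprint "$D/site.crt")
  pinned_client_accepts "$PIN" "$D/evil.crt" || echo "pinned client: attacker's cert rejected"
fi
```

Both certificates name www.shop.test and both pass a hostname check, so the name alone decides nothing. The CA client rejects the attacker's certificate because its signature does not chain to anything in the trust store, which is the property a purchased certificate buys you. The pinned client rejects it only because it saw the real fingerprint on an earlier visit; with a self-signed certificate that first visit is exactly the moment the browser shows its warning, and a user who clicks through it has no way to tell the real site from the impostor.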