1,234
edits
Changes
→Client communicating with server
[[File:BrowserCA.png|800px|border|center]]
== Self-signed certificates ==
Options exist if you need encrypted communication to your web or email server but you're not willing to pay for a CA or deal with the complexities required by Let's Encrypt:
# You can self-sign a certificate, and add that certificate directly into your client software. If you have full control over all your client software: this is more secure and reliable than using a typical CA.
# You can set up your own certificate authority (it takes one command to do that) to sign whatever certificates you want, and configure your client software to trust your CA. Again, this is more secure and reliable than relying on potentially untrustworthy CAs.
We won't be doing either of those techniques in this course because their application requires closer knowledge of the business where they're used, and therefore it's too specific for this course.
= HTTPS for your web server =
