What happens when you return a self-signed certificate to the browser

In embedded software with web interfaces, it’s difficult to obtain a trusted certificate for TLS.

So instead of greeting our users with a browser warning, I’m wondering whether we could ask the user to install the certificate in their browser before switching the connection to TLS.

Hence my question: What happens if you deliver a self-signed certificate to a browser via HTTP?

Typically, CAs would return your valid certificate directly to the browser, which installs it. So what happens when you do the same with an untrusted one?



Solution 1:[1]

> Hence my question: What happens if you deliver a self-signed certificate to a browser via HTTP?

Depends on the browser and platform. It might just result in some download, might result in starting a certificate viewer ...

> Typically, CAs would return your valid certificate directly to the browser, which installs it.

That's not how it works. The browser will not blindly trust a certificate sent by the server. It will check if the certificate is issued by a trusted CA, which is contained in the local trust store. The browser will not "install" anything.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Steffen Ullrich
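
The trust-store check described in Solution 1, reproduced with the openssl command line as an added example that is not part of the original question or answer: the same self-signed certificate is rejected when it is merely presented and accepted only after it has been placed in the trust store used for verification. The name `device.example` and the throwaway key are constructed for the demo, and `openssl verify` stands in here for the browser's own check.

```shell
#!/bin/sh
# Constructed demo: throwaway key and certificate for a hypothetical device name.
WORK=$(mktemp -d)
CERT="$WORK/cert.pem"
trap 'rm -rf "$WORK"' EXIT

make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=device.example" \
        -keyout "$WORK/key.pem" -out "$CERT" >/dev/null 2>&1
}

# Case 1: the certificate is only presented, as a server would send it.
# Verification uses the default trust store, which does not contain it.
verify_presented_only() {
    openssl verify "$CERT" 2>&1 || true
}

# Case 2: the same certificate has been deliberately added as a trust anchor,
# which is what importing it into a browser or OS trust store amounts to.
verify_as_trust_anchor() {
    openssl verify -CAfile "$CERT" "$CERT" 2>&1 || true
}

# "openssl verify" prints "<file>: OK" only when chain building succeeds.
is_ok() {
    printf '%s\n' "$1" | grep -q ': OK$'
}

make_self_signed || { echo "openssl req failed" >&2; exit 1; }

out1=$(verify_presented_only)
out2=$(verify_as_trust_anchor)

if is_ok "$out1"; then echo "presented only: trusted"; else echo "presented only: rejected"; fi
if is_ok "$out2"; then echo "trust anchor:   trusted"; else echo "trust anchor:   rejected"; fi
```

Nothing about the certificate changes between the two cases; only the verifier's set of trust anchors does.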