Certificate signed by an unknown authority issued by F-Secure Freedome Clients. Is this legitimate?
Accepted Answer
-
Laksh
Posts: 4,444 Community Manager
Hi Shigster,
Yes, it's completely legitimate.
By definition, a self-signed certificate is a certificate which has signed itself. Freedome uses a private certificate authority (CA) which signs the Freedome server certificates; so the server certs themselves are not technically self-signed.
All 3rd party CAs can potentially be either fooled, tricked, or pressured by a local government, to issue fraudulent certificates. It has happened many times, and CAs which were thought to be trustworthy have later turned up to not be trustworthy.
If Freedome used a public CA, our customers would have to trust both F-Secure and the Finnish legal system to be trustworthy, 'and' the 3rd-party CAs chosen by F-secure 'and' their local legal systems too. Since Freedome uses private CAs, the customer only needs to trust F-Secure and Finland. Freedome’s server CA, managed by F-Secure, does not take in certificate signing requests from other customers around the world, so it’ll be quite hard to fool it to sign fraudulent certificates.
7 2Like
Comments
Can I get a response from F-Secure please?
Thank you very much. I really appreciate the way you explained what was going on including the legal and political entanglements involved. Much of the time we don't see the bigger picture.