Certificate signed by an unknown authority issued by F-Secure Freedome Clients. Is this legitimate?

 

Thanks

 

EDIT: Removed picture due to PII

Best Answer

  • LakshLaksh Posts: 4,432 Community Manager
    Accepted Answer

    Hi Shigster,

     

    Yes, it's completely legitimate.

     

    By definition, a self-signed certificate is a certificate which has signed itself. Freedome uses a private certificate authority (CA) which signs the Freedome server certificates, so the server certs themselves are not technically self-signed.

    All 3rd-party CAs can potentially be fooled, tricked, or pressured by a local government to issue fraudulent certificates. It has happened many times, and CAs which were thought to be trustworthy have later turned out not to be trustworthy.

    If Freedome used a public CA, our customers would have to trust both F-Secure and the Finnish legal system to be trustworthy, 'and' the 3rd-party CAs chosen by F-Secure 'and' their local legal systems too. Since Freedome uses private CAs, the customer only needs to trust F-Secure and Finland. Freedome’s server CA, managed by F-Secure, does not take in certificate signing requests from other customers around the world, so it’ll be quite hard to fool it into signing fraudulent certificates.

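The distinction drawn in the accepted answer, as an added example that is not part of the original thread and not F-Secure's code: a certificate signed by a private CA is not self-signed, and it validates only for a client that holds that CA's certificate. The script assumes the `openssl` CLI is installed; every subject, file name and function name is constructed for the demo.

```shell
#!/bin/sh
# Added illustration: all names, subjects and files below are constructed.

# True when the certificate names itself as issuer AND verifies under its own key.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when certificate $2 chains to the pinned CA certificate $1.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build throwaway material in directory $1: a private CA, a server
# certificate signed by it, and an unrelated CA the server does not chain to.
make_demo_pki() {
  dir=$1
  for ca in private other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Demo $ca CA" \
      -keyout "$dir/$ca-ca.key" -out "$dir/$ca-ca.pem" 2>/dev/null || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/server.csr" -days 1 \
    -CA "$dir/private-ca.pem" -CAkey "$dir/private-ca.key" -CAcreateserial \
    -out "$dir/server.pem" 2>/dev/null
}

# Classify certificate $2 from the viewpoint of a client that pins CA $1.
classify() {
  if is_self_signed "$2"; then
    echo self-signed
  elif chains_to "$1" "$2"; then
    echo issued-by-pinned-ca
  else
    # What a client without the private CA reports as an unknown authority.
    echo unknown-issuer
  fi
}
```

After `make_demo_pki "$dir"`, running `classify "$dir/private-ca.pem" "$dir/server.pem"` shows the server certificate as issued by the pinned CA, while the same certificate checked against `other-ca.pem` comes back as an unknown issuer.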

Comments

  • Can I get a response from F-Secure please?

  • Thank you very much. I really appreciate the way you explained what was going on including the legal and political entanglements involved. Much of the time we don't see the bigger picture.

This discussion has been closed.