IU Definition of self signed SSL certificate?

I’m doing the IU for 7.9 and I encountered this question:

Ignition will generate a Genuine SSL Certificate when SSL is enabled.

The “correct” answer is false. However I’d argue that the correct answer is true. A self signed certificate is a valid SSL certificate, but it is only lacking being signed by some external (trusted) CA. It still provides for HTTPS functionality.

Note however that I am not suggesting that a self signed cert provides the same level of security as a CS signed cert, or ensures that the resource you are connecting to is the resource you expect to be connecting to.

Can someone disavow me of my belief?

I’m not aware of “genuine” having any standardized meaning for SSL certificates, so I’m inclined to agree with you, and I think the question should be re-worded to better suggest the certificate is one signed by a CA recognized by the CA/Browser Forum or something like that, i.e. a certificate that would be recognized and trusted by any browser.

(at which point the correct answer would be “false”)

I agree that the wording of the question is suspect. I think it would be better replaced with something like:

When SSL is selected, Ignition will create a self signed certificate by default

To me this is more in the spirit of what you should be taking away when studying security.

I made someone in the training department aware of this thread, perhaps we’ll see a change to this question in the future.

I’ll set a reminder to look in a year or two … lol

Just kidding. I think that the training department is doing a fantastic job. And I’m always blown away by the quality of the videos etc.

Jokes on you. I already updated the question :smile:

Silliness aside, thanks for letting us know! We appreciate the input.

1 Like

Damn you responsive, customer focused company … you keep pulling this sort of shenanigans and I’ll have to … have to … recommend you again :rofl: