Addressing the vulnerability of disabled TLS certificate validation primarily
involves re-enabling the default validation.

To avoid running into problems with invalid certificates, consider the following
sections.

==== Using trusted certificates

If possible, always use a certificate issued by a well-known, trusted CA for
your server. Most programming environments come with a predefined list of
trusted root CAs, and certificates issued by these authorities are validated
automatically. This is the best practice, and it requires no additional code or
configuration.

==== Working with self-signed certificates or non-standard CAs

In some cases, you might need to work with a server using a self-signed
certificate, or a certificate issued by a CA not included in your trusted roots.
Rather than disabling certificate validation in your code, add the necessary
certificates to your trust store. Validation then still checks the certificate
chain and the host name; only the set of trusted roots changes.

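As an added illustration of the two sections above (example code, not part of the original page): a Python client that keeps TLS validation on, either with the platform's default roots or with a private CA certificate added to the trust store, shown beside the disabled-validation anti-pattern and a check that tells the two apart. The URL and the PEM path are placeholders, not real hosts or files.

```python
"""Keep TLS certificate validation on and trust a private CA explicitly.

Added example (standard library only); not code from the original page.
"""
import ssl
import sys
import urllib.request
from typing import Optional


def make_verified_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Return a client-side context that validates the server certificate.

    ca_bundle: path to a PEM file holding the self-signed server certificate
    or the root certificate of a private CA (hypothetical path supplied by
    the caller). None means "trust only the platform's default roots",
    which is all you need for a certificate from a well-known public CA.
    """
    # create_default_context() already sets verify_mode=CERT_REQUIRED and
    # check_hostname=True for Purpose.SERVER_AUTH and loads the OS trust store.
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    if ca_bundle is not None:
        # Add the private root(s) on top of the default roots. To trust the
        # private CA *instead of* the public ones, pass cafile=ca_bundle to
        # create_default_context() instead of calling load_verify_locations().
        ctx.load_verify_locations(cafile=ca_bundle)
    return ctx


def make_insecure_context() -> ssl.SSLContext:
    """The anti-pattern the page warns about: validation switched off.

    Included only so is_validation_enabled() has something to reject; never
    use this for real connections.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_validation_enabled(ctx: ssl.SSLContext) -> bool:
    """True only if both the chain and the host name are checked.

    A context that verifies the chain but skips the host name check accepts
    any certificate a trusted CA has issued to anyone, so both are required.
    """
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def fetch(url: str, ca_bundle: Optional[str] = None, timeout: float = 10.0) -> bytes:
    """GET url over a validated TLS connection and return the response body."""
    ctx = make_verified_context(ca_bundle)
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    # usage: python tls_trust.py https://internal.example/ [/path/to/private-ca.pem]
    # (placeholder URL and path, supplied by the caller)
    target = sys.argv[1] if len(sys.argv) > 1 else "https://example.com/"
    bundle = sys.argv[2] if len(sys.argv) > 2 else None
    try:
        body = fetch(target, bundle)
        print(f"{target}: {len(body)} bytes, certificate validated")
    except ssl.SSLCertVerificationError as exc:
        # The right response to this error is to supply the issuing CA's
        # certificate as the second argument, not to set CERT_NONE.
        print(f"{target}: certificate rejected ({exc.verify_message})")
        sys.exit(1)
```

When a connection fails with a verification error, the message names the missing link (for example a self-signed or unknown issuer); the fix is to put that issuer's certificate in the bundle passed to `make_verified_context`, which leaves both the chain check and the host name check in place.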