Question

Imagine having a couple of hundred embedded devices in the field that need to be remotely managed over SSH or HTTPS.

These embedded devices are exposed on the internet but are installed at secure locations. They are put in an enclosure that cannot be accessed by unauthorised personnel.

The people that require remote access to these devices are limited, and are dedicated support personnel.

What is the risk of using self-signed certificates in this case? Providing we

- clearly communicate to the people that need to access these systems that these are indeed self-signed server certificates.

- we install the root CA certificate on the clients

Explanation / Answer

Your statements are conflicting: Either you have (your own) root CA to sign all certificates, or all these certificates are only signed by themselves (self-signed) which means there is no root CA.

If all of the machines are managed by the same party then you can use a common trusted root CA for all the certificates. It not only simplifies everything, but it can actually be more secure if all clients used to manage the machines only accept this single CA as trusted and if this CA only issues certificates for these machines. Having self-signed certificates is instead a maintenance nightmare, because you would need to trust each of these certificates explicitly instead of just trusting a single CA.

But I doubt that you will be able to roll out your own CA in a secure way based on your current knowledge. Since a compromise of your own CA would immediately compromise the certificates of all your machines, I would strongly recommend that you get a recognized (instead of a self-proclaimed) security professional on board to help you with this issue.
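The two setups the answer contrasts, as an added example that is not part of the question or the answer: a single private fleet CA that only issues per-device certificates, a management client that trusts nothing but that CA and checks the host name, and a self-signed device certificate that such a client rejects. It uses only Go's standard library; the CA name and device host names are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// issue generates a fresh P-256 key for tmpl and signs it on behalf of parent; parent == nil means self-signed.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	if parent == nil { parent, signer = tmpl, key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// NewFleetCA is the single private root the answer recommends ("Fleet Root CA" is a
// constructed name). Whoever holds its key can issue a cert for any device: keep it offline.
func NewFleetCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Fleet Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, MaxPathLenZero: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

// DeviceCert is one device's HTTPS server cert and key; ca == nil gives the question's self-signed setup.
func DeviceCert(host string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(2, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
}

// TrustedByClient models a management client that trusts only the fleet CA (not the system store) and checks the host name.
func TrustedByClient(cert, ca *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
```

With the CA key kept offline, a client pinned to ca.crt accepts every device the CA issued for and nothing else; a self-signed device certificate, even for the right host name, is rejected because no trusted issuer vouches for it.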