On Wed, Mar 31, 2010 at 02:55:04PM -0400, piper.guy1 wrote:
> > Now, as a newbie to security, what's my risk exposure?

The risk is similar to that of a passphrase: if an attacker can access the SSL key file they can decrypt the traffic, and authenticate to the server.

A certificate does have an advantage over a passphrase as you can easily give every device a unique certificate and key. If one key is compromised then only that key and encrypted traffic are compromised, not the whole system. You can easily revoke a single certificate at the server. It is also easier for the client to authenticate the server when using certificates.

Setting up a local CA to generate your certificates is not the easiest at first. But once set up it is easy to use. There are lots of howtos on the Internet.

--
sg
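
The per-device certificates and single-certificate revocation described in the message above, as an added example that is not part of the original post. It assumes the `openssl` command-line tool is installed; the CA name, the device names and the `ca.cnf` layout are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: every name below (Example Local CA, device-a, device-b) is constructed.
revocation_demo() {
  local work; work=$(mktemp -d) || return 1
  (
    cd "$work" || exit 1
    mkdir newcerts; : > index.txt; echo 01 > serial
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = local_ca
[ local_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    # 1. Local CA: key plus self-signed root certificate.
    openssl req -config ca.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout ca.key -out ca.crt -subj "/CN=Example Local CA" -days 30 2>/dev/null
    # 2. One key and one certificate per device.
    for dev in device-a device-b; do
      openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout "$dev.key" -out "$dev.csr" -subj "/CN=$dev" 2>/dev/null
      openssl ca -config ca.cnf -batch -notext -in "$dev.csr" -out "$dev.crt" 2>/dev/null
    done
    # 3. Treat device-a's key as compromised: revoke only that certificate.
    openssl ca -config ca.cnf -revoke device-a.crt 2>/dev/null
    openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
    # 4. What a server that checks the CRL decides for each device.
    for dev in device-a device-b; do
      if openssl verify -CAfile ca.crt -CRLfile ca.crl -crl_check "$dev.crt" >/dev/null 2>&1
      then echo "$dev accepted"; else echo "$dev rejected"; fi
    done
  )
  rm -rf "$work"
}
revocation_demo
```

The revocation only takes effect on servers that actually load the current CRL, so the CRL has to be regenerated and redistributed after each revoke.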