Forum Discussion

wbocash's avatar
wbocash
New Contributor
7 years ago
Solved

Clients create Self-signed CA Certificate

Is there a way to stop clients from creating a self-signed CA certificate. Problem is that they are not publically trusted so we are inundated with security vulnerabilties.
  • GlennD's avatar
    GlennD
    2 years ago

    The self signed certificate in LogMeIn is used in these cases:
     

    • host credentials are encrypted by the host's public key and saved on the clients or in the browser for:
    • autologin
    • One2Many tasks (Central)

    Since encrypted with the hosts public key (prior saving it) only the host can decrypt them with its own private key.
     

    • for end-to-end encryption between the native client (Remote Control, File Manager) and the host. The client receives the host's cert in a secure channel, so it can trust it even it is self signed.

    The port 2002 is used only locally in LogMeIn. The host service accepts connection from the system tray icon applet and provides some information about the state of the service

     

GlennD's avatar
GlennD
GoTo Manager
2 years ago

The self signed certificate in LogMeIn is used in these cases:
 

  • host credentials are encrypted by the host's public key and saved on the clients or in the browser for:
  • autologin
  • One2Many tasks (Central)

Since encrypted with the hosts public key (prior saving it) only the host can decrypt them with its own private key.
 

  • for end-to-end encryption between the native client (Remote Control, File Manager) and the host. The client receives the host's cert in a secure channel, so it can trust it even it is self signed.

The port 2002 is used only locally in LogMeIn. The host service accepts connection from the system tray icon applet and provides some information about the state of the service

 

HappyHippo's avatar
HappyHippo
Contributor
2 years ago
Thanks for this post. Following a security test I completed, TCP 2002 was returning an unexpected response with TLS1.2 and a certificate. Having looked into this I believe this is the reason!