
Understanding Self-Signed Certificates

July 7, 2017 | By Kimberly Reynolds

SSL Certificates offer trust and security. They ensure that online users communicate only with the intended recipient and not with a malicious actor impersonating that recipient (trust). They also ensure that the information users send reaches the intended recipient and is not intercepted along the way (security). Granted, having an SSL Certificate definitely raises a website’s online reputation, but these certificates are also usually high-priced, which pushes website owners to look for cheaper alternatives.


Ever Heard about Self-Signed SSL Certificates?

Self-Signed SSL Certificates, as the name suggests, are SSL Certificates that are ‘self-signed’ or ‘self-certified’ by their creators, instead of relying on a trusted third party – popularly known as a Certificate Authority – to vouch for their identity. Simply put, self-signed SSL Certificates are created in house using tools like OpenSSL. Are they on par with SSL Certificates issued by a Certificate Authority (CA)? Unfortunately, no.

When can you use them?

These certificates should be used only for internal, LAN-only services (internal servers). For example, an internal site such as an employee web portal within an organization can use a self-signed SSL Certificate. Any web server (or website) that deals with the public needs an SSL Certificate properly signed by a recognized Certificate Authority, both for its own safety and for the safety of the public.

Creating Self-Signed SSL Certificates is Not That Easy.

Creating self-signed SSL Certificates can be challenging. You must ensure absolute security for the server that issues your certificates. Not only does that CA server need protection from hostile network traffic, it should also be housed in a location that is not accessible to just anyone, because not every employee should have access to your CA server. Why? If your CA root certificate falls into the wrong hands, your internal LAN-only services (or internal servers) are at risk.

Even after doing all this, if you plan to use a self-signed SSL Certificate on your public website (which you should never consider), popular web browsers will do their best to keep visitors away from your site with scary warnings suggesting that it is not a safe place for online users. So all that effort goes down the drain – along with your online reputation.

Dangers These Certificates Pose.

1. Man-in-the-Middle Attack: When someone (a malicious actor) successfully inserts themselves into a communication between two parties and modifies it to their benefit, the attack is known as a Man-in-the-Middle attack. If your website uses a self-signed certificate, that “man in the middle” can easily present a self-signed certificate of their own, pose as you to online users, and swindle away their money.

2. Can Lead to Bad Online Practices: When someone employs self-signed SSL Certificates, even for an intranet or internal server, chances are that web browsers will not accept them readily and will instead display a warning pop-up. Users of that site are then advised to ignore the pop-up and carry on accessing the web server [example: an employee web portal in an organization]. Over the long run this becomes a habit, and it may lead to users ignoring serious warnings elsewhere online as well.
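The following script is an added example, not part of the original post, and assumes only the openssl command-line tool plus a constructed hostname (portal.example.internal). It shows why browsers warn about a self-signed certificate (it chains to no root in the system trust store), why the Man-in-the-Middle point above holds (anyone can mint a second self-signed certificate for the same name), and the mitigation for internal use: pin the exact certificate you expect instead of accepting any self-signed one.

```shell
#!/bin/sh
# Added example (not from the original post): demonstrates trust outcomes
# for self-signed certificates using only the openssl CLI.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
LEGIT="$WORK/legit.crt"        # the portal's own self-signed certificate
IMPOSTOR="$WORK/impostor.crt"  # a second self-signed cert for the same name

# Create a self-signed certificate and private key for hostname $1, stem $2.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.crt" >/dev/null 2>&1
}

# Succeed only if certificate $1 chains to a root in the default system store.
verify_system() {
  openssl verify "$1" >/dev/null 2>&1
}

# Succeed only if certificate $1 chains to the pinned trust anchor file $2.
verify_pinned() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Print the outcome of a check next to the expected outcome ($1).
expect() {
  want="$1"; label="$2"; shift 2
  if "$@"; then got=trusted; else got=rejected; fi
  echo "$label: $got (expected $want)"
}

# Constructed hostname; both certificates carry the identical Common Name.
make_selfsigned portal.example.internal legit
make_selfsigned portal.example.internal impostor

expect rejected "system store, self-signed cert" verify_system "$LEGIT"
expect trusted  "pinned anchor, legit cert"      verify_pinned "$LEGIT" "$LEGIT"
expect rejected "pinned anchor, impostor cert"   verify_pinned "$IMPOSTOR" "$LEGIT"
```

Distributing the one pinned certificate (or a private root) to internal clients is what turns the browser warning into a real identity check, which is exactly what an attacker's look-alike self-signed certificate cannot pass.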
