What are self-signed SSL certificates and their disadvantages
What is a self-signed SSL certificate?
Self-signed variants are mostly used for sites and applications under testing. They can also be used on smaller websites that hold no valuable data that could be at risk of attack. Resources that have high traffic or collect personal user data should be identified strictly by reliable certificates.
You can create unlimited self-signed certificate versions. However, site visitors will always receive warnings of this kind:
The conclusion is evident: to attract visitors, you should use only reliable certificates signed by well-known certificate authorities. Their root certificates are included in every browser, which is what lets the browser tell users that the encryption can be trusted.
Types of self-signed SSL certificates
Setting up a self-signed SSL certificate with OpenSSL requires the following commands:
-out /home/devuser/cert/cert.crt — certificate location;
-newkey rsa:2048 — automatic generation of a key in case you do not have one;
req -x509 — self-signed certificate generating request;
-keyout /home/devuser/cert/mykey.key — file the generated key is written to.
After entering the password, you need to type in the description of your server. If you want to leave certain parameters blank, put a period «.» at the end of the command string:
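The options listed above, put together as an added example (not code from the original article): it generates a self-signed certificate, confirms that subject and issuer are identical, and shows that validation against the system trust store fails unless the certificate itself is supplied as a trust anchor, which is what the visitor warning reflects. The temporary directory, `CN=test.example`, and the `-nodes`, `-days` and `-subj` options are assumptions added so the script runs without the password and server-description prompts.

```bash
#!/bin/sh
# Added example (not from the original article).
# Constructed values: temp directory, CN=test.example, 30-day lifetime.
CERT_DIR="$(mktemp -d)"          # stands in for /home/devuser/cert
KEY="$CERT_DIR/mykey.key"
CRT="$CERT_DIR/cert.crt"

make_self_signed() {
  # req -x509, -newkey, -keyout, -out are the options listed above.
  # -nodes (no key passphrase), -days and -subj are added so nothing is
  # asked interactively; -subj carries the server description.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=test.example" -keyout "$KEY" -out "$CRT" 2>/dev/null
}

is_self_signed() {
  # Self-signed means the certificate names itself as its own issuer.
  subject="$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')"
  issuer="$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')"
  [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

trusted_by_default() {
  # Chain validation against the system trust store, as a client does.
  openssl verify "$1" >/dev/null 2>&1
}

trusted_when_pinned() {
  # Validation succeeds only when this exact certificate is supplied
  # as a trust anchor, e.g. distributed to test machines by hand.
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

make_self_signed || echo "openssl req failed"
is_self_signed "$CRT" && echo "subject == issuer: self-signed"
trusted_by_default "$CRT" || echo "system trust store: rejected (source of the browser warning)"
trusted_when_pinned "$CRT" && echo "explicitly trusted copy: accepted"
```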
Creating a self-signed certificate with the PowerShell utility on Windows requires entering the following command:
This is how a self-signed certificate looks in an Nginx server:
In an Apache server, a self-signed certificate appears in the following way:
Pros and cons of self-signed SSL certificates
The green badge with the center's logo will appear on your site when the identification is successfully completed. This factor remarkably encourages user trust.
However, this data is at risk of attack by third parties and cannot be recalled. Besides, web resources protected by self-signed certificates will keep on reporting an insecure connection, which will negatively influence the traffic of the site.
The use of self-signed certificates is acceptable for tested resources and minor companies' websites provided that the staff is informed about the insecure connection matter. Commercial resources with high traffic should be identified only by reliable certification centers.
You can receive a free-of-charge certificate with a subscription that will function until you are ready to purchase the paid version. Read more about free certificates.