This site uses cookies and other tracking technologies to make possible your usage of the website, assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide better user experience.

By using the website, you agree to our Privacy policy

Accept and continue

Report a bug

Cancel
81
How-to 6 min read September 20, 2019

What are self-signed SSL certificates and their disadvantages

A self-signed SSL certificate does not provide sufficient protection to the data sent by a browser to the server. Unlike the certificates issued by reliable certification authorities, the identity of a self-signed SSL is verified by its owner.

What is a self-signed SSL certificate?

Technically, this certificate functions the same as the authorized variants. What makes it different is the signature which verifies its identity.

Self-signed variants are mostly used for sites and applications under testing. They can also be applied to smaller websites that do not contain any valuable data under the possible risk of attack. Resources that have high traffiс or collect personal user data should be identified strictly by reliable certificates.

You can create unlimited self-signed certificate versions. However, site visitors will always receive warnings of this kind:
Problem with this website's security certificate
Such messages repel users. Most of the potential visitors will choose to stay away from unreliable sites that will result in significant traffic decrease.

The conclusion is evident: to attract visitors, you should apply only reliable certificates signed by popular authorized centers. Their root certificates are included in any browser that signals users about encryption security.

Types of self-signed SSL certificates

Self-signed certificates can be created manually using special programs and libraries. For example, there is Windows-supported software like OpenSSL software bank or PowerShell console. These tools allow generating SSL certificates, creating open and private keys.

Setting up a self-signed SSL certificate with OpenSSL imposes using the following commands:

out /home/devuser/cert/cert.crt — certificate location;
newkey rsa:2048 — automatic key development in case you do not have any;
req-x509 — self-signed certificate generating request;
keyout /home/devuser/cert/mykey.key — key generating request.

Having entered the password, you need to type in the description of your server. If you want to leave certain parameters blank - put a point mark «.» at the end of the command string:
How to create SSL certificate via OpenSSL
In your browser, you may specify that the implied certificate is secure. Thus, you will avoid popping up of the "insecure connection" message on your device. Still, other users will keep on receiving this message.

Creating a self-signed certificate with PowerShell utility for Windows requires entering the following command:
New-SelfSignedCertificate -DnsName localhost -CertStoreLocation cert:\LocalMachine\My
This serves as a request for a self-signed certificate which then should be included in the folder containing reliable certificates. It will prevent the browser from reporting an encryption error.

This is how a self-signed certificate looks in Nginx server:
SSL certificate on Nginx server
cert.crt stands for an open key, and cert.key means a private key.

In Apache server, self-signed certificate appears in the following way:
SSL certificate on Apache server
Site.ru stands for the domain where you intend to apply the generated certificate.

Pros and cons of self-signed SSL certificates

Advantages

1
Opportunity for unlimited certificate generation.
2
No payment required for the signature.
3
Quick initiation. No need to pend the response of the certification center.

Disadvantages

1
User personal data set at risk.
2
Permanent "unknown publisher" warning.
3
Data security is not guaranteed.
4
Lack of user trust resulted from the absence of a certification center signature.
5
Possible errors in the certificate appearance and displaying in case it failed to be generated correctly.
Reliable centers issue various certificate variants that differ in price. Basic certificates verify domain name identity. More expensive ones are submitted upon the profound inspection of company data received directly from applicants to the extent of contact information and documentation.

The green badge with centre logo will appear on your site when the identification is successfully completed. This factor remarkably encourages user trust.

Conclusion

Self-signed and trusted certificates possess identical technical characteristics. A self-signed SSL certificate executes encryption of the data that passes from your browser to the server.

However, this data is at risk of attack by third parties and cannot be recalled. Besides, web resources protected by self-signed certificates will keep on reporting an insecure connection which will negatively influence the traffic of the site.

The use of self-signed certificates is acceptable for tested resources and minor companies' websites provided that the staff is informed about the insecure connection matter. Commercial resources with high traffic should be identified only by reliable certification centers.

You can receive a free-of-charge certificate with a subscription that will function until you are ready to purchase the paid version. Read more about free certificates.
This article is a part of Serpstat's "Site Audit" tool
SEO Audit in Serpstat
Audit all the site or page in one click. A complete list of errors, sorted by severity, ways to resolve them and recommendations. Any frequency of verification and automatic email reports.
Run Site Audit

Learn how to get the most out of Serpstat

Want to get a personal demo, trial period or bunch of successful use cases?

Send a request and our expert will contact you ;)

Rate the article on a five-point scale

The article has already been rated by 0 people on average out of 5
Found an error? Select it and press Ctrl + Enter to tell us

Share this article with your friends

Sign In Free Sign Up

You’ve reached your query limit.

Or email
Forgot password?
Or email
Back To Login

Don’t worry! Just fill in your email and we’ll send over your password.

Are you sure?

Awesome!

To complete your registration you need to enter your phone number

Back

We sent confirmation code to your phone number

Your phone Resend code Queries left

Something went wrong.

Contact our support team
Or confirm the registration using the Telegram bot Follow this link
Please pick the project to work on

Personal demonstration

Serpstat is all about saving time, and we want to save yours! One of our specialists will contact you and discuss options going forward.

These may include a personal demonstration, a trial period, comprehensive training articles & webinar recordings, and custom advice from a Serpstat specialist. It is our goal to make you feel comfortable while using Serpstat.

Name

Email

Phone

We are glad of your comment
Upgrade your plan

Upgrade your plan

Export is not available for your account. Please upgrade to Lite or higher to get access to the tool. Learn more

Sign Up Free

Спасибо, мы с вами свяжемся в ближайшее время

Invite
View Editing

E-mail
Message
Optional
E-mail
Message
Optional

You have run out of limits

You have reached the limit for the number of created projects. You cannot create new projects unless you increase the limits or delete existing projects.

I want more limits