Self-Signed SSL Vs Trusted CA Signed SSL Certificate, Learn the actual difference between a Self-signed SSL certificate and Trust Certificate Authority.
2. WHY IT’S ALWAYS BETTER TO GO WITH A
TRUSTED CA SIGNED SSL CERTIFICATE OVER A
SELF-SIGNED CERTIFICATE
• For all intents and purposes there are two kinds of SSL Certificate
when you’re talking about signing.
• There are Self-Signed SSL Certificates and certificates that are signed
by a Trusted Certificate Authority.
• While both offer encryption, they are not equal.
3. • Trusted CA’s are trusted for a reason, as the name implies the browser
community trusts them and they are allowed to issue SSL certificates to
websites that display the standard trust indicators and avoid those
pesky warnings.
• Self-Signed certificates don’t receive those same benefits, despite
offering basic encryption.
• By the end of this article you’ll see why it’s better to go with a Trusted
CA Signed SSL Certificate over a Self-Signed one.
4. WHAT IS A SELF-SIGNED SSL CERTIFICATE
AND WHAT IS A TRUSTED CA SIGNED SSL
CERTIFICATE?• A self-signed SSL Certificate is an SSL Certificate that is issued by the
individual using it.
• It’s issued with software that the user has and controls.
• This can be good for testing environments but it’s got some major drawbacks,
we’ll get to those in a bit, but essentially what you need to know is that when
a browser receives an SSL Certificate it’s looking for it to be issued by a party
it trusts.
• When you sign your own certificate you’re essentially vouching for your own
identity. After all, that’s one of the biggest aspects of SSL authentication.
5. WHAT IS A SELF-SIGNED SSL CERTIFICATE
AND WHAT IS A TRUSTED CA SIGNED SSL
CERTIFICATE?
• Self-signing a certificate is the same thing as handing a self-made driver’s
license to a police officer that’s pulling you over.
• It might have your real identifying information on it, but the officer isn’t going
to just take your word for it.
• He needs to see identification that’s been verified by a trusted third party, in
this case a DMV.
• Likewise, the browsers need to see an SSL certificate that’s been verified by a
trusted third party, in this case a Certificate Authority.
6. WHAT IS A SELF-SIGNED SSL CERTIFICATE
AND WHAT IS A TRUSTED CA SIGNED SSL
CERTIFICATE?
• And that’s what a Trusted CA Signed SSL Certificate is, it’s an SSL Certificate
that’s been authenticated by one of the trusted Certificate Authorities that are
authorized to issue them.
• These CA’s are trusted by the browsers for a reason, they meet all the
requirements that have been set for issuing SSL Certificates and they have
safeguards in place to mitigate mis-issuances and other sorts of fraudulent
behavior.
• The browsers trust the CA’s, and if they’ve issued your website an SSL
Certificate, by extension the browsers trust you.
8. WHY YOU SHOULD USE A TRUSTED CA SIGNED
SSL CERTIFICATE INSTEAD OF A SELF-SIGNED
ONE
• There are a number of reasons you shouldn’t use a Self-Signed SSL
Certificate outside of a testing environment.
• For starters, as we just touched on, the browsers that individuals use to
surf the Internet do not trust self-signed certificates.
• This is the whole point of authentication; a trusted third party is going
to vet you or your organization to verify your identity.
• Google (for example) isn’t just going to take your word for it.
10. WHY YOU SHOULD USE A TRUSTED CA SIGNED
SSL CERTIFICATE INSTEAD OF A SELF-SIGNED
ONE
• It’s also going to tell your potential visitors that it’s not going
to take your word for it. This will come in the form of
browser warnings that say a secure connection has failed.
“This certificate is not trusted because it is self signed.”
• As you can probably imagine, that’s going to dissuade a lot
of potential visitors from visiting your site. In turn, that’s
going to hurt your traffic, or if you’re running an e-commerce
business, your bottom line.
11. WHY YOU SHOULD USE A TRUSTED CA SIGNED
SSL CERTIFICATE INSTEAD OF A SELF-SIGNED
ONE
• On the other hand, using a Trusted CA Signed SSL Certificate is going
to garner no browser warnings, rather the browser will display all the
visual indicators that come with a working SSL Certificate.
• That means your visitors will see the padlock and either a green HTTPS
or a green address bar with your organization’s name in it.
• These all indicate that your website is safe and will give your visitors
the peace of mind they need to continue doing business with you.
12. CONCLUSION
• There are uses for Self-Signed certificates in testing environments, however on
the outward-facing Internet they lead to browser warnings that dissuade
potential visitors from coming to your website.
• While Self-Signed certificates do offer encryption, they offer no authentication
and that’s going to be a problem with the browsers.
• Trusted CA Signed SSL Certificates, on the other hand, do offer authentication
and that, in turn, allows them to avoid those pesky browser warnings and
work as an SSL Certificate should.
• So the choice is really a no-brainer. While it may seem like a good idea to try
and save money and sign your own certificate, in the long run you’re only
hurting your website go with a Trusted CA Signed Certificate instead.
13. IMPORTANT RESOURCES
• Trusted SSL Certificate Brands and Certificate
Authorities
• Install SSL Certificate on your server
• Important SSL Certificate Tools