SSL Encryption – Self-Signed Versus Trusted CA Certificates


Why you should always choose a trusted CA over self-signing your own SSL certificate

Let’s look at why you’re better off with an SSL certificate issued by a trusted Certificate Authority (CA) than with one you signed yourself. This article compares self-signed certificates with CA-issued certificates in some depth.

Let’s Talk About Authentication

An SSL/TLS certificate serves two functions: encryption and authentication. Everyone knows about encryption, the ability to secure the connection between a client and a server; that is why we are having this discussion in the first place. But authentication is just as important, both in the eyes of your website’s visitors and customers and from the perspective of the browsers.

The browsers your visitors use are what interacts with the SSL certificate installed on your website, and the encryption function doesn’t work without them. So the first thing a browser does, before it accepts a certificate as valid and negotiates an encrypted connection, is check that the certificate is trustworthy: that it chains to a root certificate in the browser’s trust store, that it is within its validity period, and that the name in the certificate matches the hostname the user typed.

Browsers are designed to be skeptical. That’s how you stay secure on the internet: you scrutinize every detail. And since most human users can’t reasonably be expected to do all of that on their own, the browsers act in their best interest.

By default, browsers don’t trust websites. Not just your website, any website. So the mere presence of an SSL certificate on a website doesn’t mean a browser will take it at face value and trust it implicitly. This is where validation comes in, because the browsers do trust the CAs: a CA has to abide by rigorous industry standards in order to earn and keep its place in the browsers’ root stores.

When a CA issues you a certificate it’s essentially vouching for you. That’s why the CA goes to such great lengths to verify identity during the validation process; it wants to be sure it is issuing to the correct entity, because if there’s a mistake the browsers aren’t going to punish you, they’re going to punish the CA.

When a browser sees an SSL certificate that chains to a trusted CA, it extends its trust to the site the certificate is installed on: it honors the certificate and negotiates an encrypted connection.

But if a browser sees a self-signed SSL certificate, it has no trusted third party to fall back on: it will flag the connection as untrusted and show the user a warning about the certificate. Keep in mind that the browser’s default is not to trust your website, and with a self-signed certificate you are essentially vouching for yourself.

Nobody is going to just accept that as proof enough.

Self-signed SSL just doesn’t work for the outward-facing internet. Users have been trained to heed browser warnings, and asking them to click through those warnings, as some websites do, is patently irresponsible: a user who has learned to click through cannot tell your self-signed certificate from one an attacker presents in the middle of the connection.

So Why Do Self-Signed SSL Certificates Even Exist?

Self-signed SSL does have a few uses. If you’re running a test server or securing an internal network, basically anything reachable only on inward-facing IPs or domains, self-signed SSL is a way to get encryption without paying a CA for commercial certificates. Even there, though, telling employees to ignore the certificate warning is the wrong way to do it: install the certificate (or, better, the root of a small private CA that issues all of your internal certificates) in the clients’ trust stores, so that their browsers validate it like any other certificate and a warning still means something when one appears.
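The browser checks described above, and the internal-network case from this paragraph, as an added example that is not from this article: an OpenSSL shell session that builds a self-signed certificate and a certificate issued by a small private CA, then verifies each against an empty trust store and against the right trust anchor. The hostname intranet.example.test, the CA name and the file layout are assumptions made for the demo; the script needs only a POSIX shell and OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the article): what a browser's check amounts to,
# done with openssl. A self-signed certificate fails against an empty trust
# store and validates only when that exact certificate is itself a trust
# anchor; a certificate issued by a (here, private) CA validates against the
# CA's root alone. Hostname and CA name are made up for the demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
HOST=intranet.example.test

# Self-contained openssl config so the result does not depend on the system
# openssl.cnf. [ca_ext] marks a certificate as a CA; [leaf_ext] is a plain
# server certificate for the assumed hostname.
cat > "$WORK/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:intranet.example.test
EOF

# 1. A self-signed server certificate: subject and issuer are the same key.
openssl req -x509 -config "$WORK/demo.cnf" -extensions leaf_ext \
  -newkey rsa:2048 -nodes -days 1 -subj "/CN=$HOST" \
  -keyout "$WORK/self.key" -out "$WORK/self.pem" >/dev/null 2>&1

# 2. A private CA root, then a server certificate issued (signed) by it.
openssl req -x509 -config "$WORK/demo.cnf" -extensions ca_ext \
  -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Internal CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
openssl req -new -config "$WORK/demo.cnf" \
  -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
  -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -extfile "$WORK/demo.cnf" -extensions leaf_ext \
  -out "$WORK/leaf.pem" >/dev/null 2>&1

# Each check exits 0 on "OK" and non-zero otherwise, like a browser's verdict.
# -no-CAfile/-no-CApath start from an empty trust store, i.e. a client that has
# never heard of you; -verify_hostname adds the browser's name check.
verify_self_signed_no_anchor() {
  openssl verify -no-CAfile -no-CApath -verify_hostname "$HOST" "$WORK/self.pem"
}
verify_self_signed_pinned() {
  # The only way a self-signed certificate validates: the client already holds
  # that exact certificate as a trust anchor.
  openssl verify -CAfile "$WORK/self.pem" -verify_hostname "$HOST" "$WORK/self.pem"
}
verify_ca_issued_no_anchor() {
  openssl verify -no-CAfile -no-CApath -verify_hostname "$HOST" "$WORK/leaf.pem"
}
verify_ca_issued_with_root() {
  # Trusting one root is enough for every certificate that root issues.
  openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$HOST" "$WORK/leaf.pem"
}

report() {
  if "$1" >/dev/null 2>&1; then echo "$1: OK"; else echo "$1: FAIL"; fi
}
report verify_self_signed_no_anchor   # FAIL (self signed certificate)
report verify_self_signed_pinned      # OK
report verify_ca_issued_no_anchor     # FAIL (unable to get local issuer certificate)
report verify_ca_issued_with_root     # OK
```

The two FAIL lines are what a browser with no knowledge of your certificate sees, and verify_self_signed_pinned is what "installing the certificate on employees' machines" really means: an exact copy of that one certificate has to sit in every client's trust store, and it has to be replaced everywhere when the certificate changes. With the private CA, only the root is installed once and every certificate it issues validates from then on, which is the same model the public CAs operate at internet scale.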

But for really any commercial purpose – meaning any web property that is accessible to the public – you need to have SSL issued by a trusted CA.

It’s not all that dissimilar to a driver’s license. You can’t just issue yourself a driver’s license and drive on public roads—that’s not going to work. What you want to do on your own property, privately, is your own business. But on public roads, you need to go through the right authorities—in this case the DMV.

Self-Signed vs. Trusted CA SSL Certificates

SSL is similar. If you want to self-sign certificates for your own internal servers, and you accept the consequences of your employees playing fast and loose with certificate warnings, more power to you. But if you’re on the public internet, you need to go through the right authorities.

Otherwise, you’re only going to run into trouble.