self-signed ssl versus trusted ca signed ssl certificate

Upload: cheapsslsecurity

Post on 14-Jan-2017

TRANSCRIPT

Page 1: Self-Signed SSL Versus Trusted CA Signed SSL Certificate

SELF-SIGNED SSL VS. TRUSTED CA SIGNED SSL CERTIFICATE

WHY IT’S ALWAYS BETTER TO GO WITH A TRUSTED CA SIGNED SSL CERTIFICATE OVER A SELF-SIGNED CERTIFICATE

• For all intents and purposes there are two kinds of SSL Certificate when you’re talking about signing.

• There are Self-Signed SSL Certificates and certificates that are signed by a Trusted Certificate Authority.

• While both offer encryption, they are not equal.

• Trusted CAs are trusted for a reason: as the name implies, the browser community trusts them, and they are allowed to issue SSL certificates to websites that display the standard trust indicators and avoid those pesky warnings.

• Self-Signed certificates don’t receive those same benefits, despite offering basic encryption.

• By the end of this article you’ll see why it’s better to go with a Trusted CA Signed SSL Certificate over a Self-Signed one.

WHAT IS A SELF-SIGNED SSL CERTIFICATE AND WHAT IS A TRUSTED CA SIGNED SSL CERTIFICATE?

• A self-signed SSL Certificate is an SSL Certificate that is issued by the individual using it.

• It’s issued with software that the user has and controls.

• This can be good for testing environments, but it has some major drawbacks, which we’ll get to in a bit. Essentially, what you need to know is that when a browser receives an SSL Certificate, it’s looking for it to be issued by a party it trusts.

• When you sign your own certificate you’re essentially vouching for your own identity. After all, that’s one of the biggest aspects of SSL authentication.

• Self-signing a certificate is the same thing as handing a self-made driver’s license to a police officer that’s pulling you over.

• It might have your real identifying information on it, but the officer isn’t going to just take your word for it.

• He needs to see identification that’s been verified by a trusted third party, in this case a DMV.

• Likewise, the browsers need to see an SSL certificate that’s been verified by a trusted third party, in this case a Certificate Authority.

• And that’s what a Trusted CA Signed SSL Certificate is: it’s an SSL Certificate that’s been authenticated by one of the trusted Certificate Authorities that are authorized to issue them.

• These CAs are trusted by the browsers for a reason: they meet all the requirements that have been set for issuing SSL Certificates, and they have safeguards in place to mitigate mis-issuances and other sorts of fraudulent behavior.

• The browsers trust the CAs, and if they’ve issued your website an SSL Certificate, by extension the browsers trust you.
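
To make that trust decision concrete, here is an added example (not part of the original slides) that uses Go's standard crypto/x509 verifier as a stand-in for a browser. The CA name, the hostname shop.example.test and the helpers check, issue and demo are constructed for the illustration; it goes one step beyond the slides by also showing the test-environment case, where a self-signed certificate is installed in the client's trust store by hand.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}
// issue creates a certificate for name; a nil parent makes it self-signed (signed by its own key).
func issue(name string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}
// demo verifies three certificates the way a TLS client does: against a store of trusted roots.
func demo() (caSigned, selfSigned, selfInstalled error) {
	ca, caKey := issue("Constructed Test Root CA", true, nil, nil)
	store := x509.NewCertPool() // stands in for the browser's list of trusted CAs
	store.AddCert(ca)
	opts := x509.VerifyOptions{Roots: store}
	site, _ := issue("shop.example.test", false, ca, caKey)
	self, _ := issue("shop.example.test", false, nil, nil)
	_, caSigned = site.Verify(opts)
	// Same name and a valid signature, but the issuer is not in the store.
	_, selfSigned = self.Verify(opts)
	// Test environment: the operator installs the certificate as trusted by hand.
	store.AddCert(self)
	_, selfInstalled = self.Verify(opts)
	return
}
func main() { fmt.Println(demo()) }
```

The root CA certificate here is itself self-signed; what separates it from the rejected certificate is only that it sits in the trust store.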

Trusted SSL Certificate Vs Self-signed Certificate

WHY YOU SHOULD USE A TRUSTED CA SIGNED SSL CERTIFICATE INSTEAD OF A SELF-SIGNED ONE

• There are a number of reasons you shouldn’t use a Self-Signed SSL Certificate outside of a testing environment.

• For starters, as we just touched on, the browsers that individuals use to surf the Internet do not trust self-signed certificates.

• This is the whole point of authentication; a trusted third party is going to vet you or your organization to verify your identity.

• Google (for example) isn’t just going to take your word for it.

Self-Signed Certificate Error in Browser

• It’s also going to tell your potential visitors that it’s not going to take your word for it. This will come in the form of browser warnings that say a secure connection has failed. “This certificate is not trusted because it is self signed.”

• As you can probably imagine, that’s going to dissuade a lot of potential visitors from visiting your site. In turn, that’s going to hurt your traffic, or if you’re running an e-commerce business, your bottom line.

• On the other hand, using a Trusted CA Signed SSL Certificate is going to garner no browser warnings; rather, the browser will display all the visual indicators that come with a working SSL Certificate.

• That means your visitors will see the padlock and either a green HTTPS or a green address bar with your organization’s name in it.

• These all indicate that your website is safe and will give your visitors the peace of mind they need to continue doing business with you.

CONCLUSION

• There are uses for Self-Signed certificates in testing environments; however, on the outward-facing Internet they lead to browser warnings that dissuade potential visitors from coming to your website.

• While Self-Signed certificates do offer encryption, they offer no authentication and that’s going to be a problem with the browsers.

• Trusted CA Signed SSL Certificates, on the other hand, do offer authentication and that, in turn, allows them to avoid those pesky browser warnings and work as an SSL Certificate should.

• So the choice is really a no-brainer. While it may seem like a good idea to try and save money and sign your own certificate, in the long run you’re only hurting your website. Go with a Trusted CA Signed Certificate instead.

IMPORTANT RESOURCES

• Trusted SSL Certificate Brands and Certificate Authorities

• Install SSL Certificate on your server

• Important SSL Certificate Tools

FOR MORE INFORMATION ON TRUSTED SSL CERTIFICATE AUTHORITY

Blog: cheapsslsecurity.com/blog

Facebook: CheapSSLSecurities

Twitter: SSLSecurity

Google Plus: +Cheapsslsecurity